diff --git a/test/specs/xsrf.spec.js b/test/specs/xsrf.spec.js
index 518ae2594ab1f50786b5dec2986228aa3d9339d0..d196a37d6d860348b02c906e1c23119851f10c2a 100644
--- a/test/specs/xsrf.spec.js
+++ b/test/specs/xsrf.spec.js
@@ -40,4 +40,37 @@ describe('xsrf', function () {
       done();
     }, 0);
   });
+
+  it('should not set xsrf header for cross origin', function (done) {
+    var request;
+    document.cookie = axios.defaults.xsrfCookieName + '=12345';
+
+    axios({
+      url: 'http://example.com/'
+    });
+
+    setTimeout(function () {
+      request = jasmine.Ajax.requests.mostRecent();
+
+      expect(request.requestHeaders[axios.defaults.xsrfHeaderName]).toEqual(undefined);
+      done();
+    });
+  });
+
+  it('should set xsrf header for cross origin when using withCredentials', function (done) {
+    var request;
+    document.cookie = axios.defaults.xsrfCookieName + '=12345';
+
+    axios({
+      url: 'http://example.com/',
+      withCredentials: true
+    });
+
+    setTimeout(function () {
+      request = jasmine.Ajax.requests.mostRecent();
+
+      expect(request.requestHeaders[axios.defaults.xsrfHeaderName]).toEqual('12345');
+      done();
+    });
+  });
 });