AJAX
While the above method can be used for AJAX POST requests, it has some inconveniences: you have to remember to pass the CSRF token in as POST data with every POST request. For this reason, there is an alternative method: on each XMLHttpRequest, set a custom X-CSRFToken header to the value of the CSRF token. This is often easier, because many JavaScript frameworks provide hooks that allow headers to be set on every request.
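With the method above, the CSRF token has to be passed as POST data on every POST, which is inconvenient. Instead, you can set an X-CSRFToken header whose value is the CSRF token, which solves the problem once and for all.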
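The header approach described above, as an added example that is not part of the quoted documentation: it decides per request whether the X-CSRFToken header belongs on it, so the token is sent only with state-changing calls to the page's own origin. The function names, the sample cookie string and the `/api/items/` endpoint are assumptions; `csrftoken` is Django's default cookie name, and the block carries its own small cookie reader so that it runs stand-alone.

```javascript
// Added example (not from the Django docs). Function names are hypothetical.
// Django's default CSRF cookie is named "csrftoken"; the header is X-CSRFToken.

// Pull one cookie value out of a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// Methods that must not change state need no CSRF token.
function isSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// True only when url resolves to the page's own scheme, host and port.
function isSameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false; // unparsable URL: treat as foreign
  }
}

// Headers to add to a request: the token goes only on unsafe, same-origin calls.
function csrfHeaders(method, url, pageOrigin, cookieString) {
  const token = readCookie(cookieString, 'csrftoken');
  if (!token || isSafeMethod(method) || !isSameOrigin(url, pageOrigin)) return {};
  return { 'X-CSRFToken': token };
}

// Browser usage (assumes fetch and a same-origin endpoint):
//   fetch('/api/items/', { method: 'POST',
//     headers: csrfHeaders('POST', '/api/items/', location.origin, document.cookie) });

// Constructed sample values for a stand-alone run.
const sampleCookies = 'sessionid=abc123; csrftoken=Tok%3DEn42';
console.log(csrfHeaders('POST', '/api/items/', 'https://app.example', sampleCookies));
console.log(csrfHeaders('POST', 'https://other.example/x', 'https://app.example', sampleCookies));
```

The same-origin check is what keeps the token from being attached to requests bound for a third-party host, including protocol-relative URLs such as `//other.example/x`.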
Acquiring the token is straightforward:
// using jQuery
function getCookie(name) {
    var cookieValue = null;
    if (document.cookie && document.cookie !== '') {
        var cookies = document.cookie.split(';');
        for (var i = 0