csrf javascript

var request = new XMLHttpRequest(),
      token = document.querySelector('meta[name="csrf-token"]').content;

request.open('POST', url, true);
request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
request.setRequestHeader('X-CSRF-TOKEN', token);
request.send(data);
Cruel Cheetah