Set a X-CSRFToken header to the value of the CSRF token, since many JavaScript framework provide hooks that allow headers to be set on every request.