Backbone.js handles posting data to the server under the hood, so there is no easy way to insert a CSRF token in the payload. How can I protect my site against CSRF in this situation?
You can use a prefilter to add the token to all requests:
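$.ajaxPrefilter(function(opts) {
  // token: the CSRF token the server issued for this session
  // opts.data is undefined when the request has no body, so start from ""
  opts.data = (opts.data ? opts.data + "&" : "") + "csrfToken=" + encodeURIComponent(token);
});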
You may need to add additional logic if you don't always send the token.
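One form the "additional logic" can take, as an added example that is not part of the original answer: send the token only on state-changing, same-origin requests, and put it in a request header so the JSON body that Backbone.sync sends stays untouched. The names `makeCsrfPrefilter` and `shouldAttachToken`, the `X-CSRF-Token` header and the `csrf-token` meta tag are assumptions; the server has to validate whatever header is chosen.

```javascript
// Added example; names, header and meta tag are illustrative assumptions.
var SAFE_METHODS = /^(GET|HEAD|OPTIONS)$/i;

// Decide whether a request should carry the CSRF token.
function shouldAttachToken(opts, pageOrigin) {
  var method = opts.type || opts.method || "GET";
  if (SAFE_METHODS.test(method)) { return false; }   // read-only request
  try {
    // Relative URLs resolve against the page; absolute ones keep their origin.
    return new URL(opts.url || "", pageOrigin).origin === pageOrigin;
  } catch (e) {
    return false;                                    // unparsable URL: send nothing
  }
}

// Build a function suitable for $.ajaxPrefilter.
function makeCsrfPrefilter(getToken, pageOrigin) {
  return function (opts, originalOpts, jqXHR) {
    if (shouldAttachToken(opts, pageOrigin)) {
      // The token never leaves for another origin and never lands in a URL.
      jqXHR.setRequestHeader("X-CSRF-Token", getToken());
    }
  };
}

// Browser wiring: runs only where jQuery and the DOM exist.
if (typeof $ !== "undefined" && typeof document !== "undefined") {
  $.ajaxPrefilter(makeCsrfPrefilter(function () {
    // Assumes the server renders <meta name="csrf-token" content="...">
    return document.querySelector('meta[name="csrf-token"]').content;
  }, window.location.origin));
}
```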