Is an X-Requested-With header server check sufficient to protect against a CSRF for an ajax-driven application?

庸人自扰 2020-12-05 04:44

I'm working on a completely ajax-driven application where all requests pass through what basically amounts to a main controller which, at its bare bones, looks something li

6 answers
  •  天涯浪人
    2020-12-05 05:11

    What you are doing is secure because XMLHttpRequest is usually not vulnerable to cross-site request forgery.

    As this is a client-side problem, the safest way would be to check the security architecture of each browser :-)

    (This is a summary; I am adding this answer because this question is very confusing, let's see what the votes say)
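
A server-side form of the check the question asks about, as an added example that is not part of the original post or its answers. It goes one step beyond the header test by also validating `Origin` and by answering CORS preflights, because browsers only let a cross-origin page send a custom header such as `X-Requested-With` if the server's preflight response permits it. The function names, the trusted origin and the sample requests are hypothetical and constructed for illustration.

```python
# Added example: framework-independent sketch; every name here is hypothetical.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}   # assumption: these never change state
TRUSTED_ORIGINS = {"https://app.example"}   # constructed value for the app's own origin


def _lower(headers):
    """HTTP header names are case-insensitive, so normalise them once."""
    return {name.lower(): value for name, value in headers.items()}


def check_request(method, headers):
    """Return (allowed, reason) for one request reaching the main controller."""
    h = _lower(headers)
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    # A plain cross-site HTML form cannot attach a custom request header.
    if h.get("x-requested-with") != "XMLHttpRequest":
        return False, "missing X-Requested-With"
    # Second signal: when the browser sends Origin, it must be our own.
    origin = h.get("origin")
    if origin is not None and origin not in TRUSTED_ORIGINS:
        return False, "untrusted Origin"
    return True, "ok"


def preflight_response(headers):
    """Headers to return for an OPTIONS preflight.

    The header check only holds while foreign origins are refused here:
    returning Access-Control-Allow-Headers to any origin would let other
    sites send X-Requested-With from script.
    """
    origin = _lower(headers).get("origin")
    if origin in TRUSTED_ORIGINS:
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Headers": "X-Requested-With",
            "Vary": "Origin",
        }
    return {}  # no CORS headers, so the browser blocks the actual request


if __name__ == "__main__":
    # Constructed sample requests: same-origin ajax call, then a cross-site form post.
    ajax = {"X-Requested-With": "XMLHttpRequest", "Origin": "https://app.example"}
    form = {"Content-Type": "application/x-www-form-urlencoded"}
    print(check_request("POST", ajax))
    print(check_request("POST", form))
```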
