Do I need a CSRF token for jQuery .ajax()?

野趣味 2020-12-08 07:20

So I've got a basic .ajax() POST method to a PHP file.

What security measures do I need?

A few posts around were mentioning using a hidden MD5 input field t

4 answers
  •  忘掉有多难
    2020-12-08 08:12

    In terms of request forgery, it doesn't matter how the client sends the request; it matters how it's received. The same CSRF rules apply for an ajax post as any other type of post.

    I recommend reading the CSRF prevention cheat sheet. Using a per-user secret token is the most common form of protection.
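
One way to implement the per-user secret token recommended in the answer above, as an added example that is not part of the original answer. The single-file layout, the `csrf_token` session key, the `X-CSRF-Token` header name and the local `jquery.js` path are assumptions.

```php
<?php
// Added example (not from the answer). Hypothetical single-file endpoint:
// GET renders a page carrying the token, POST is accepted only with it.
session_start();

// Create the per-session secret once and reuse it for later requests.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; a missing token on either side is a failure.
function csrf_valid(?string $sent): bool {
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && $sent !== null && hash_equals($expected, $sent);
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    // The check is the same whether the POST came from .ajax() or a form.
    $sent = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? $_POST['csrf_token'] ?? null;
    if (!csrf_valid(is_string($sent) ? $sent : null)) {
        http_response_code(403);
        exit('CSRF token missing or invalid');
    }
    header('Content-Type: application/json');
    echo json_encode(['ok' => true]);
    exit;
}
$token = htmlspecialchars(csrf_token(), ENT_QUOTES);
?>
<!doctype html>
<meta name="csrf-token" content="<?= $token ?>">
<script src="jquery.js"></script><!-- assumed local copy of jQuery -->
<script>
// Send the token in a request header with the POST.
$.ajax({
  type: 'POST',
  url: location.pathname,
  headers: { 'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content') },
  data: { example: 1 }
}).done(function (r) { console.log(r); });
</script>
```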
