As I know Same-origin policy forces an Ajax request to be issued only to the domain the script was loaded from.My application does not make any cross domain ajax request. So are all my ajax requests safe from CSRF? or Do I need to use some token for same origin Ajax requests as well?
CSRF is also useful in AJAX request , anyone can access AJAX domain path from other way e.g CURL, so better to add CSRF token to prevent access, it would also good in AJAX request even cross origin request blocked