Dojo and Rails CSRF

If you're using Dojo and Rails and your asynchronous requests to the server are being rejected, consider employing the following in your xhr or JsonRest:

    headers: { "X-CSRF-Token": query("meta[name='csrf-token']").attr("content") }

In my particular situation, I was trying to do HTTP POSTs and Rails was terminating my session, likely because it perceived the lack of a CSRF token as a hijack attempt. The code here simply adds the token as an HTTP header in the request.

I think once I've had some time with this fix, I might look at subclassing these objects for my project and pre-populating the header. Then I'll simply substitute my implementations for the default Dojo ones. Which, come to think of it, would probably make for a good case when discussing the advantages of AMD.

Fear not, if you happen to be using jQuery and are experiencing this issue, here's an equivalent solution.
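
The pre-populated header mentioned in the post, as an added example that is not the author's code: a wrapper around any xhr-style request function that attaches the token to state-changing requests, and only when the URL is same-origin, so the token is never sent to another host. The helper names, the `requestFn(url, options)` signature and the sample origin are assumptions.

```javascript
// Added example. readCsrfToken, isSameOrigin and withCsrf are hypothetical
// helper names, not part of Dojo or Rails.

// Read the token from the page's <meta name="csrf-token"> tag.
function readCsrfToken(doc) {
  var meta = doc.querySelector("meta[name='csrf-token']");
  return meta ? meta.getAttribute("content") : null;
}

// True when url resolves to the page's own origin.
function isSameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === pageOrigin;
  } catch (e) {
    return false; // unparseable URL: treat as foreign and send no token
  }
}

// Wrap requestFn(url, options) so the header is pre-populated.
// Assumption: options.method defaults to GET when omitted.
function withCsrf(requestFn, doc, pageOrigin) {
  return function (url, options) {
    var opts = Object.assign({}, options);
    opts.headers = Object.assign({}, opts.headers);
    var method = (opts.method || "GET").toUpperCase();
    // Rails skips the CSRF check for GET and HEAD, so those need no token.
    var needsToken = method !== "GET" && method !== "HEAD";
    if (needsToken && isSameOrigin(url, pageOrigin)) {
      var token = readCsrfToken(doc); // read per call, in case the tag changes
      if (token) { opts.headers["X-CSRF-Token"] = token; }
    }
    return requestFn(url, opts);
  };
}

// Constructed stand-ins for the browser document and the real request function.
var fakeDoc = { querySelector: function () {
  return { getAttribute: function () { return "constructed-token"; } };
} };
var echo = function (url, opts) { return opts.headers; };
var request = withCsrf(echo, fakeDoc, "https://app.example.test");

console.log(request("/widgets", { method: "POST" }));
console.log(request("https://other.example.test/x", { method: "POST" }));
```

In the browser, pass `document` and `window.location.origin` in place of the constructed stand-ins.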