diff --git a/theme/static/js/jhapi.js b/theme/static/js/jhapi.js
index ba3c7a5..b91bdff 100644
--- a/theme/static/js/jhapi.js
+++ b/theme/static/js/jhapi.js
@@ -40,6 +40,12 @@ define(["jquery", "utils"], function ($, utils) {
       "api",
       utils.encode_uri_components(path),
     );
+    var token = window.jhdata.xsrf_token
+    if (token) {
+      // add xsrf token to url parameter
+      var sep = url.indexOf("?") === -1 ? "?" : "&";
+      url = url + sep + "_xsrf=" + token;
+    }
     $.ajax(url, options);
   };