CodeIgniter CSRF Protection With Ajax

If you're regenerating tokens what you posted won't work since you aren't updating the cookie's value after each request. If you want to use regenerate=true you'll need to save the current value in JS (I wouldn't use a cookie) and pass it through AJAX, then return the new CSRF token in the success callback to use for the next request.

That won't work if you send concurrent requests so your mileage may vary depending on how much AJAX you're using. Personally I would turn off regenerate, pass the same token each request  and put this in your htaccess.

Code:

# prevent app from being loaded in an iframe
Header always append X-Frame-Options SAMEORIGIN