tags
     * as a response, then unnecessarily we are injecting csrf magic javascipt
     * in the response html at and using csrf_ob_handler().
     * So, to overwride above rewriting we need following config.
     */
    if(isAjax()) {
        $GLOBALS['csrf']['frame-breaker'] = false;
        $GLOBALS['csrf']['rewrite-js'] = null;
    }
}

/**
 * Heuristically detects whether the current request was issued via AJAX/PJAX.
 *
 * Returns true when the X-PJAX request header is present with a non-empty
 * value, or when an X-Requested-With header is present with any non-empty
 * value. The content of X-Requested-With (for example "XMLHttpRequest") is
 * not compared. Because empty() is used, a header value of "0" counts as
 * absent.
 *
 * Security note: both values are request headers and are fully controlled by
 * the client, so the result is a hint about the expected response format,
 * not a trust signal. In the caller visible above this function it only
 * switches off the frame-breaker and the JavaScript rewriting of the output.
 * It should not be used to skip CSRF token validation or to make any other
 * authorization decision.
 *
 * NOTE(review): responses produced with these settings go out without the
 * frame-breaker script; confirm they are never rendered as top-level HTML
 * documents.
 *
 * @return bool true if the request looks like an AJAX/PJAX call, false otherwise.
 */
function isAjax() {
    // After !empty() the loose "== true" is redundant: every value that is
    // not empty already compares equal to true.
    if (!empty($_SERVER['HTTP_X_PJAX']) && $_SERVER['HTTP_X_PJAX'] == true) {
        return true;
    // Presence alone is enough here; the header value is not inspected.
    } elseif (!empty($_SERVER['HTTP_X_REQUESTED_WITH'])) {
        return true;
    }
    return false;
}
?>