diff --git a/source/Ox.UI/js/Core/Cookies.js b/source/Ox.UI/js/Core/Cookies.js
new file mode 100644
index 00000000..a29e374b
--- /dev/null
+++ b/source/Ox.UI/js/Core/Cookies.js
@@ -0,0 +1,20 @@
+Ox.Cookies = function() {
+    var name, value, cookies;
+    if (arguments.length == 1) {
+        name = arguments[0];
+        return Ox.Cookies()[name];
+    } else if (arguments.length == 2) {
+        name = arguments[0];
+        value = arguments[1];
+        document.cookie = name + '=' + encodeURIComponent(value);
+    } else {
+        value = {}
+        if (document.cookie && document.cookie != '') {
+            document.cookie.split('; ').forEach(function(cookie) {
+                name = cookie.split('=')[0];
+                value[name] = decodeURIComponent(cookie.substring(name.length + 1));
+            });
+        }
+        return value;
+    }
+}
diff --git a/source/Ox.UI/js/Core/Request.js b/source/Ox.UI/js/Core/Request.js
index fc91c449..02eced0f 100644
--- a/source/Ox.UI/js/Core/Request.js
+++ b/source/Ox.UI/js/Core/Request.js
@@ -136,6 +136,12 @@ Ox.Request = (function() {
                 } else {
                     pending[options.id] = true;
                     $.ajax({
+                        beforeSend: function (request) {
+                            var csrftoken = Ox.Cookies('csrftoken');
+                            if (csrftoken) {
+                                request.setRequestHeader("X-CSRFToken", csrftoken);
+                            }
+                        },
                         complete: complete,
                         data: options.data,
                         //dataType: 'json',