from the example here: https://docs.djangoproject.com/en/1.6/ref/contrib/csrf/#ajax

csrf.coffee

getCookie = (name) ->
    cookieValue = null

    if document.cookie && document.cookie != ''
        cookies = document.cookie.split ';'

        for cookie in cookies
            cookie = jQuery.trim cookie

            if cookie.substring(0, name.length + 1) == "#{ name }="
                cookieValue = decodeURIComponent cookie.substring(name.length + 1)
                break

    return cookieValue


csrfSafeMethod = (method) ->
    /^(GET|HEAD|OPTIONS|TRACE)$/.test method


$.ajaxSetup
    crossDomain: false
    beforeSend: (xhr, settings) ->
        if not csrfSafeMethod settings.type
            xhr.setRequestHeader 'X-CSRFToken', getCookie('csrftoken')