add csrf meta tag (for use with xhr, for example)

includes/functions.php

@@ -67,6 +67,15 @@ function CSRFToken()
 <?php
 }
 
+/**
+* Retuns a CSRF meta tag (for use with xhr, for example)
+*/
+function CSRFMetaTag()
+{
+    $token = htmlspecialchars($_SESSION['csrf_token']);
+    return '<meta name="csrf_token" content="' . $token . '">';
+}
+
 /**
 *
 * Validate CSRF Token

index.php

@@ -64,6 +64,7 @@ $theme_url = 'dist/css/'.htmlspecialchars($theme, ENT_QUOTES);
 <html lang="en">
   <head>
     <meta charset="utf-8">
+    <?php echo CSRFMetaTag() ?>
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="description" content="">