csrf 跨域请求伪造攻击

请求提交携带 csrfToken 过去
window.addCart = function(productId,productType){
     $.ajax({
         url:"/dealer/dealerShoper/productAddCar?csrfToken="+$("input[name=csrfToken]").val() ,
         method:"POST",
         data:{productId:productId,productType:productType,skuIds:'',amounts:''},
         dataType:"json",
         success : function(data){
             if(data.code == 126000)
             {
                 remind("success","此产品已成功")
             }
         }
     })
 };