@using Microsoft.AspNetCore.Antiforgery
@inject IAntiforgery Antiforgery
@{
    var antiForgeryTokens = Antiforgery.GetAndStoreTokens(Context);
}

<script type="text/javascript">
    function isExternal(url) {
        var match = url.match(/^(https?:)?\/\/([^\/]+).*/);

        if (match != null &&
            typeof match[1] === 'string' &&
            match[1].length > 0 &&
            typeof match[2] === 'string' &&
            match[2].length > 0 &&
            match[1].toLowerCase() !== location.protocol &&
            match[2] !== location.host) {
            return true;
        }
        return false;
    }
    //Override ajax request for setting the request header before the request is made
    XMLHttpRequest.prototype.open = (function(oldOpen){
        return function() {
            var isExternalUrl = isExternal(arguments[1]);
            var result = oldOpen.apply(this, arguments);
            if (!isExternalUrl) {
                this.setRequestHeader('@antiForgeryTokens.HeaderName', '@antiForgeryTokens.RequestToken');
            };
            return result;
        };
    })(XMLHttpRequest.prototype.open);
</script>