ASP.NET MVC AntiForgeryToken + AJAX = jQuery to the rescue

jQuery.antiforgerytoken.js

// Setup CSRF safety for AJAX:
$.ajaxPrefilter(function(options, originalOptions, jqXHR) {
	if (options.type.toUpperCase() === "POST") {
		// We need to add the verificationToken to all POSTs
		var token = $("input[name^=__RequestVerificationToken]").first();
		if (!token.length) return;
		
		var tokenName = token.attr("name");
		
		// If the data is JSON, then we need to put the token in the QueryString:
		if (options.contentType.indexOf('application/json') === 0) {
			// Add the token to the URL, because we can't add it to the JSON data:
			options.url += ((options.url.indexOf("?") === -1) ? "?" : "&") + token.serialize();
		} else if (typeof options.data === 'string' && options.data.indexOf(tokenName) === -1) {
			// Append to the data string:
			options.data += (options.data ? "&" : "") + token.serialize();
		}
	}
}); 

I cannot get this to work when the contentType is 'application/json'. I tried this as well as many variations/hacks (adding it in header instead, adding to the json data, etc.) and could not get it to work with json requests. Anyone else having this problem. If you're using this please confirm that you're successfully sending a json post with the 'ValidateAntiForgeryToken' attribute. According to this post "The problem lies in the fact that the under the hood, deep within the call stack, the attribute peeks into the Request.Form collection to grab the anti-forgery token. But when you post JSON encoded data, there is no form collection to speak of." and you can't add to header as I tried because "the existing attribute which validates the token on the server won’t look in the header".

Any solution ?