Single Page application is awesome paradigm but because they communicate with APIs there is lot of confusion around what security measures are needed and what are unnecessary. In this article I’ll try to explain when is CSRF protection needed.

http://www.eq8.eu/blogs/44-csrf-protection-on-single-page-app-api