diff --git a/browserid/static/dialog/resources/browserid-network.js b/browserid/static/dialog/resources/browserid-network.js
index f1da745eebae4fb83ccc76b368594ea5e2f05a9e..0cc83823626970872aa440135e0aa3061ca8ca2c 100644
--- a/browserid/static/dialog/resources/browserid-network.js
+++ b/browserid/static/dialog/resources/browserid-network.js
@@ -80,10 +80,16 @@ BrowserID.Network = (function() {
 
   function post(options) {
     withContext(function() {
+      var data = options.data || {};
+
+      if(!data.csrf) {
+        data.csrf = csrf_token;
+      }
+
       xhr.ajax({
         type: "POST",
         url: options.url,
-        data: options.data,
+        data: data,
         success: options.success,
         error: options.error
       });
@@ -114,8 +120,7 @@ BrowserID.Network = (function() {
         url: "/wsapi/authenticate_user",
         data: {
           email: email,
-          pass: password,
-          csrf: csrf_token
+          pass: password
         },
         success: function(status, textStatus, jqXHR) {
           if (onSuccess) {
@@ -164,9 +169,6 @@ BrowserID.Network = (function() {
     logout: function(onSuccess) {
       post({
         url: "/wsapi/logout",
-        data: {
-          csrf: csrf_token
-        },
         success: function() {
           // assume the logout request is successful and
           // log the user out.  There is no need to reset the
@@ -192,8 +194,7 @@ BrowserID.Network = (function() {
         url: "/wsapi/stage_user",
         data: {
           email: email,
-          site : origin,
-          csrf : csrf_token
+          site : origin
         },
         success: function(status) {
           var staged = JSON.parse(status);
@@ -249,7 +250,6 @@ BrowserID.Network = (function() {
       post({
         url: "/wsapi/complete_user_creation",
         data: {
-          csrf: csrf_token,
           token: token,
           pass: password
         },
@@ -321,7 +321,6 @@ BrowserID.Network = (function() {
       post({
         url: "/wsapi/complete_email_addition",
         data: {
-          csrf: csrf_token,
           token: token
         },
         success: function(status, textStatus, jqXHR) {
@@ -343,7 +342,6 @@ BrowserID.Network = (function() {
     cancelUser: function(onSuccess, onFailure) {
       post({
         url: "/wsapi/account_cancel",
-        data: {"csrf": csrf_token},
         success: createDeferred(onSuccess),
         error: onFailure
       });
@@ -362,8 +360,7 @@ BrowserID.Network = (function() {
         url: "/wsapi/stage_email",
         data: {
           email: email,
-          site: origin,
-          csrf: csrf_token
+          site: origin
         },
         success: function(status) {
           var staged = JSON.parse(status);
@@ -421,8 +418,7 @@ BrowserID.Network = (function() {
       post({
         url: "/wsapi/remove_email",
         data: {
-          email: email,
-          csrf: csrf_token
+          email: email
         },
         success: createDeferred(onSuccess),
         failure: onFailure
@@ -438,8 +434,7 @@ BrowserID.Network = (function() {
         url: "/wsapi/cert_key",
         data: {
           email: email,
-          pubkey: pubkey.serialize(),
-          csrf: csrf_token
+          pubkey: pubkey.serialize()
         },
         success: createDeferred(onSuccess),
         error: onError
diff --git a/browserid/static/dialog/test/qunit/browserid-network_test.js b/browserid/static/dialog/test/qunit/browserid-network_test.js
index 55116a806320563ad561137fee1457170c283010..46560a6f23e3d81fd59145b000e36b10eb17f102 100644
--- a/browserid/static/dialog/test/qunit/browserid-network_test.js
+++ b/browserid/static/dialog/test/qunit/browserid-network_test.js
@@ -108,6 +108,11 @@ steal.plugins("jquery", "funcunit/qunit").then("/dialog/resources/browserid-netw
         data: obj.data
       };
 
+
+      if(type === "post" && !obj.data.csrf) {
+        ok(false, "missing csrf token on POST request");
+      }
+
       var resName = req.type + " " + req.url + " " + xhr.resultType;
       var result = xhr.results[resName];