diff --git a/application/extensions/LimeScript/LimeScript.php b/application/extensions/LimeScript/LimeScript.php
index c1c49f3d55d..e296b0f4b1b 100644
--- a/application/extensions/LimeScript/LimeScript.php
+++ b/application/extensions/LimeScript/LimeScript.php
@@ -26,11 +26,18 @@ function csrfSafeMethod(method) {
 // these HTTP methods do not require CSRF protection
 return (/^(GET|HEAD|OPTIONS)$/.test(method));
 }
- $.ajaxSetup({
- beforeSend: function(jqXHR, settings) {
- if(!csrfSafeMethod(settings.type)) {
+ // Use $.ajaxPrefilter() instead of $.ajaxSetup({beforeSend: ...}) to add the CSRF token because beforeSend is
+ // executed after the content type is determined. So, if the request had no data when beforeSend is executed,
+ // the content type is 'text/plain', which is wrong.
+ $.ajaxPrefilter(function(settings) {
+ if(!csrfSafeMethod(settings.type)) {
+ // Data could be passed as string or object, so we add the token depending on the data type
+ if (typeof settings.data == 'string') {
 // NB: This sometimes includes the CSRF token twice, when already added to data.
 settings.data += '&" . Yii::app()->request->csrfTokenName . "=" . Yii::app()->request->csrfToken ."';
+ } else {
+ settings.data = settings.data || {};
+ settings.data." . Yii::app()->request->csrfTokenName . " = '" . Yii::app()->request->csrfToken . "';
 }
 }
 });";
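Review bot: The new `else` branch drops the CSRF token for `FormData` bodies (the usual `processData: false` upload case), because assigning a property on a FormData instance does not add a multipart field, so those POSTs would fail CSRF validation; FormData needs `.append()`. For a non-GET request that had no `data` at all, the branch leaves a plain object in `settings.data`, and — if I recall `jQuery.ajax`'s ordering correctly — `jQuery.param` serialisation of object data has already run before prefilters are invoked, so that object may reach the transport unserialised; verify against the bundled jQuery version, and if so serialise it here with `$.param` unless `processData` is `false`. The enclosing PHP method and the string literal that holds this JavaScript both start outside the hunk. A rewritten branch that covers both cases:

```php
            if (typeof settings.data == 'string') {
                // … unchanged: string branch …
            } else if (typeof FormData !== 'undefined' && settings.data instanceof FormData) {
                // A property on FormData is not a field; multipart bodies need append()
                settings.data.append('" . Yii::app()->request->csrfTokenName . "', '" . Yii::app()->request->csrfToken . "');
            } else {
                settings.data = settings.data || {};
                settings.data." . Yii::app()->request->csrfTokenName . " = '" . Yii::app()->request->csrfToken . "';
                // jQuery has already serialised object data by the time prefilters run, so do it here
                if (settings.processData !== false) {
                    settings.data = $.param(settings.data, settings.traditional);
                }
            }
```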