django-ajax-generated-template.html

<link rel="import" href="{{ STATIC_URL }}vendor/polymer/polymer.html">
<link rel="import" href="{{ STATIC_URL }}vendor/core-ajax/core-ajax.html">

<polymer-element name="django-ajax" extends="core-ajax">
    <script>
        Polymer({
            ready: function() {
                this.super();
                this.headers = {
                    "X-CSRFToken": {{ csrf_token }},
                    "X-Requested-With": "XMLHttpRequest"
                };
            }
        });
    </script>
</polymer-element>

django-ajax.html

<link rel="import" href="/assets/vendor/polymer/polymer.html">
<link rel="import" href="/assets/vendor/core-ajax/core-ajax.html">

<polymer-element name="django-ajax" extends="core-ajax">
    <script>
        Polymer({
            getCSRFCookie: function() {
                b = document.cookie.match('(^|;)\\s*csrftoken\\s*=\\s*([^;]+)');
                return b ? b.pop() : '';
            },
            ready: function() {
                this.super();
                this.headers = {
                    "X-CSRFToken": this.getCSRFCookie(),
                    "X-Requested-With": "XMLHttpRequest"
                };
            }
        });
    </script>
</polymer-element>