Some dashboard widget operations fail when CSRF protection is turned on

[lunkwill42]

Testing #3396 reveals that certain Dashboard manipulation features stop working once CSRF protection is turned on. These operations are based much in Javascript code that initiates POST requests.

Operations I have found to not work:

• Deleting widgets from my dashboard
• Setting a dashboard as my default dashboard
• Changing the number of columns on my current dashboard
• Changing the ordering of the widgets on my dashboard (it appears to work, but the persisting the changes fails in the background, as revealed by a reload: It seems every attempt to move widgets around causes them to be duplicated on my dashboard instead)

This needs to be investigated.