I think, CSRF token protection is better than using a plain AJAX request.

It is a config and should be configured with this template, because it should be a default configuration.
More can be found here-

https://timdows.com/projects/preventing-csrf-in-asp-net-core-combined-with-angularjs/

I am requesting you to have a look at this link and let me know if this is a good idea or not :)