why application/json content type have csrf token?

If Json Applications are properly verifying the content type and have well configured crossdomain.xml, then why they still used csrf token?

Could anybody tell me , why they use csrf token ?

AFAIK, there is no way to execute csrf attack , if both above things are configured properly.