CSRF when using REST

I’m using Yii2 as a REST backend and Angular.js as frontend. Authentication works via cookie. CORS is enabled and restricted to the frontend domain. Now I want to enable CSRF to enhance security, but I do not know how to get this working without the “comfort” of Yii doing this automatically (normally you use Yii2 views). Response format is set to FORMAT_JSON, so I have no meta tags in my response where I can set this token. How can I make this work? Do I have to extend the response handler so that each response object contains the token? What do I have to consider?

REST has nothing to do with cookies nor with csrf tokens.

Change your cookie thing and use JWT’s instead and don’t use csrf tokens at all, it makes no sense.

What makes JWT better than normal cookies for signing a user in?