When using the image browser widget inside the Editor widget, there is a possibility to add extra headers to support the antiforgerytoken.
But inside the image browser, the upload widget is used, and there is no configuration possibility to add a header.
A way around is to intercept the upload call via javascript and to bind to the XMLHttpRequest object. With this we can add a header. But this doesn't work for example in IE9, because no XMLHttpRequest support.

        <textarea kendo-editor="editorWidget" k-ng-model="data.processModelHtml"
                  k-resizable="true"
                  k-tools="['bold','italic','underline','strikethrough','justifyLeft','justifyCenter','justifyRight','justifyFull','insertUnorderedList','insertOrderedList','indent','outdent','createLink','unlink','insertImage','subscript','superscript','createTable','addRowAbove','addRowBelow','addColumnLeft','addColumnRight','deleteRow','deleteColumn','viewHtml','formatting','cleanFormatting','fontName','fontSize','foreColor','backColor','print']"
                  k-image-browser="{ messages: { dropfileshere: 'Drop files here' }, transport: { read: { url:'api/imageapi/getimages', dataType: 'json', headers: { 'RequestVerificationToken': '@Html.RequestVerificationToken()' } }, destroy: { url: 'api/imageapi/deleteimage' , type: 'DELETE', dataType: 'json', headers: { 'RequestVerificationToken' : '@Html.RequestVerificationToken()' } }, create: { url: 'api/imageapi/addimagefolder', type: 'POST', dataType: 'json', headers: { 'RequestVerificationToken' : '@Html.RequestVerificationToken()' } }, thumbnailUrl: 'api/imageapi/getthumbnailimage', uploadUrl: 'api/imageapi/addimage', imageUrl: 'api/imageapi/getimage?path={0}' } }"></textarea>

==> not only uploadUrl parameter, but the same configuration mechanisme like for the transport read, delete, ...

Regards,