Whether you need to include the form in what you send is up to you. But you’re sending one object, one that you have named “facialImage”. Anything being sent by this line:
$.post(URL, facialImage, function(response){
needs to be a member of that object.
The docs referenced above describe what you need to do for the csrf token data, and the different variances that may exist depending upon your specific situation.