Is the Mojarra 2.1.1 (SNAPSHOT 20110404) version and higher already protected against CSRF? Are the ajax requests also safe?
The spec sheet says it is. Why would AJAX be any different?