Disable Vaadin CSRF

I'm using Vaadin 24.2 + Springboot 3.1.5 and Spring Security

So, according to this: Vaadin Docs

All requests between the client and the server are included with a user-session-specific CSRF token. All communication between them is handled by Vaadin, so you don’t have to include and verify CSRF tokens, manually.

Now, I need to disable CSRF protection (for specific organizational needs). How can I achieve this?

Solution

As documented here, there's a disable-xsrf-protection configuration option that you can set to true to disable the built-in protection.

How to override default Tomcat 404 not found html page in Spring Boot 3.2?
How to log SQL parameters binding in JPA queries with Spring Boot 3?
How to log SQL statements with query param values in Spring Boot 3/Hibernate 6
Spring Boot - Logback Configuration - Annoying Boilerplate at beginning of log
Java Spring Boot: How to map my app root (“/”) to index.html?
Unable to Insert image from classpath into PDF using PDFBox
Spring boot ddl auto generator
SpringBoot 3, hibernate 6 tables not created
UTF-8 encoding of application.properties attributes in Spring-Boot
Implementing Custom Expression Handling with Spring Security 6
my Spring CustomSecurityExpressionRoot not working
MySQL Testcontainer Timezone Issue When Using Spring Data JDBC
How to read data from java properties file using Spring Boot
Does adding @Transactional annotation to method is a must when making database calls?
@EnableGlobalMethodSecurity is deprecated in the new spring boot 3.0
Scheduler not running in Spring Boot
SpringBoot EventListener don't receive events
http call with Multipart form data is failing after spring upgrade
Karate framework fails to find tests in multi module Spring Framework
Connecting to queue or creating on non-existence in spring-rabbitmq
Spring Security blocks POST requests despite SecurityConfig
Weird autoincrement issue on Spring Boot 3.3.0 with MySQL 8
Whitelabel Error Page This application has no explicit mapping for /error, so you are seeing this as a fallback with no error in console
Disable exemplars support in Spring Boot 3.2 to avoid Prometheus problem with scrapping metrics
What happened to SimpleRemoteStatelessSessionProxyFactoryBean?
Spring Boot Restful Service and CORS problem
What is the best way to test that a spring application context fails to start?
Using org.commonsources.correlation.filter.CorrelationHeaderFilter throws Caused by: java.io.IOException: Failed to load class [javax.servlet.Filter]
Cannot convert grib2 to geotiff in SpringBoot app
Spring Boot JPA H2 Console not running, application.properties file ignored