I'm using Vaadin 24.2 + Springboot 3.1.5 and Spring Security
So, according to this: Vaadin Docs
All requests between the client and the server are included with a user-session-specific CSRF token. All communication between them is handled by Vaadin, so you don’t have to include and verify CSRF tokens, manually.
Now, I need to disable CSRF protection (for specific organizational needs). How can I achieve this?
As documented here, there's a disable-xsrf-protection configuration option that you can set to true to disable the built-in protection.