We have a web application implemented with Spring Framework. A scenario is:
1. a user logs in,
2. she fills out a form, then clicks on a button to create an order. The click...
For step 1, I found that:
1. if I disable CSRF in the web app, the AJAX post request will go through.
2. if I enable CSRF, then extract the CSRF token from the login page, and use...