From d9e7ab724d5bf9a521ce367c1d5f9f61c67a6385 Mon Sep 17 00:00:00 2001
From: Nanne Baars
Date: Tue, 11 Oct 2016 11:41:48 -0400
Subject: [PATCH] disabling csrf
---
 .../src/main/java/org/owasp/webgoat/WebSecurityConfig.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java b/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java
index 6d6e9db31..92348f77a 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java
@@ -64,6 +64,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 security.and()
 .logout()
 .permitAll();
+ security.and().csrf().disable();
 http.headers().cacheControl().disable();
 }
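Review bot: The added `security.and().csrf().disable();` switches off CSRF token validation for the whole filter chain, including the logout endpoint configured just above it, and neither the code nor the commit message ("disabling csrf") records why. If this is deliberate for the application, state it at the call site, e.g. `// CSRF protection intentionally disabled: <reason>`, so a reader does not take the line for a default Spring Security setup. If only some endpoints need to accept requests without a token, a narrower exemption such as `http.csrf().ignoringAntMatchers("<path pattern>");` would keep the protection everywhere else. The enclosing configure method starts outside the hunk, so what `security` refers to is inferred from the `.and()` chaining; if it is the same `HttpSecurity` as `http`, writing `http.csrf().disable();` would match the `http.headers()` call on the following line.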