The custom implementation for CSRF protection for the CAE has been removed. The CAE now uses and configures the CSRF protection provided by Spring Security. See new documentation Content Application Developer Manual - Protecting against Cross Site Request Forgery .

Please note that the CSRF token rendering in all custom templates has to be changed, because the parameter and header names and the type of the CSRF object are now different from the one used in the previous implementation. To prevent migration efforts (or to provide a migration phase for Your project), see Content Application Developer Manual - Backward Compatibility for CSRF Tokens in Legacy Templates .

(CMS-7305)