HOWTO do CSRF protection in Struts2 application for AJAX requests

Question

I have a struts2 webapp in which I need to implement CSRF protection. For statis forms it is pretty straight forward. I just need to activate the tokenSession i

Answer 1

Can't you generate a Token and use it as parameter in the ajax call ?

For the subsequent AJAX calls, you can use a per-user Token,

not necessarily a per-request Token,

as explained in this SO answer: Do I need a CSRF token for jQuery .ajax()?