Being able to enable/disable CSRF protection is a new feature of xCP 2.3 and it can be done bysetting the csrf-protection-enabled parameter for the xCP REST server to true or false. The csrf-protection-enabled parameter can be found in thexCPDesigner\Applications\xIS\xIS\src\main\resources\config\server-configuration.propertiesfile