Being able to enable/disable CSRF protection is a new feature of xCP 2.3 and it can be done by
setting the csrf-protection-enabled parameter for the xCP REST server to true or false.

The csrf-protection-enabled parameter can be found in the
xCPDesigner\Applications\xIS\xIS\src\main\resources\config\server-configuration.properties
file