I have a page, user comes and select his plan and click the button to navigate to next page. on clicking the button UI(react) will make ajax call to sling servlet and post the user selected values as request payload(request data).
Here we have a situation we could able to trap the request using burp proxy interceptor and tampering the request and the same changed values server accepting. Expecting behavior :server not to accept the manipulated data and should throw error.
I tried enabling CSRF token for Servlets and I can see CSRF-Token in request header as well. still did not worked for me.