If the request is coming from outside AEM(some third party application) then you can exclude the post servlet path in the CSRF filter configuration. Also, if you are using AEM 6.3 then you can configure Cross Origin configuration to allow requests(Post, put, delete) from trusted domains.