Thanks for your help, I checked that we did not use AEM's version of jQuery, so after I included "cq.jquery" in our template, the CSRF error disappeared.So from your advise, it would be better to use AEM's version of jQuery rather than others, isn't it? Cheers,