Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -r983271909da2c1554716243f9f965927bb6a79cb -r5e32d730e8eec97f1e9b88ee9240cd79e9ec8d9e
--- lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision 983271909da2c1554716243f9f965927bb6a79cb)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision 5e32d730e8eec97f1e9b88ee9240cd79e9ec8d9e)
@@ -148,6 +148,8 @@
 
 org.owasp.csrfguard.protected.notebookAuthoringSave=/lams/tool/lantbk11/authoring/updateContent.do
 org.owasp.csrfguard.protected.notebookAuthoringDefineLater=/lams/tool/lantbk11/authoring/definelater.do
+org.owasp.csrfguard.protected.notebookAuthoringSaveOrUpdateCond=/lams/tool/lantbk11/authoringCondition/saveOrUpdateCondition.do
+org.owasp.csrfguard.protected.notebookAuthoringRemoveCond=/lams/tool/lantbk11/authoringCondition/removeCondition.do
 org.owasp.csrfguard.protected.notebookMonitoringSubmissionDeadline=/lams/tool/lantbk11/monitoring/setSubmissionDeadline.do
 org.owasp.csrfguard.protected.notebookSaveTeacherComment=/lams/tool/lantbk11/monitoring/saveTeacherComment.do
 
Index: lams_tool_notebook/src/java/org/lamsfoundation/lams/tool/notebook/web/controller/AuthoringNotebookConditionController.java
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r5e32d730e8eec97f1e9b88ee9240cd79e9ec8d9e
--- lams_tool_notebook/src/java/org/lamsfoundation/lams/tool/notebook/web/controller/AuthoringNotebookConditionController.java	(.../AuthoringNotebookConditionController.java)	(revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_tool_notebook/src/java/org/lamsfoundation/lams/tool/notebook/web/controller/AuthoringNotebookConditionController.java	(.../AuthoringNotebookConditionController.java)	(revision 5e32d730e8eec97f1e9b88ee9240cd79e9ec8d9e)
@@ -126,7 +126,7 @@
      * @return
      * @throws ServletException
      */
-    @RequestMapping("/saveOrUpdateCondition")
+	@RequestMapping(path = "/saveOrUpdateCondition", method = RequestMethod.POST)
     private String saveOrUpdateCondition(
 	    @ModelAttribute("notebookConditionForm") NotebookConditionForm notebookConditionForm,
 	    HttpServletRequest request) {
@@ -166,7 +166,7 @@
      * @param response
      * @return
      */
-    @RequestMapping(value = "/removeCondition")
+    @RequestMapping(path = "/removeCondition", method = RequestMethod.POST)
     private String removeCondition(HttpServletRequest request) {
 
 	// get back sessionMAP
@@ -382,4 +382,4 @@
 	}
     }
 
-}
\ No newline at end of file
+}
Index: lams_tool_notebook/web/pages/authoring/addCondition.jsp
===================================================================
diff -u -raced7ba6c1e7c5a9a50d3f64d8cdd96dd7e76194 -r5e32d730e8eec97f1e9b88ee9240cd79e9ec8d9e
--- lams_tool_notebook/web/pages/authoring/addCondition.jsp	(.../addCondition.jsp)	(revision aced7ba6c1e7c5a9a50d3f64d8cdd96dd7e76194)
+++ lams_tool_notebook/web/pages/authoring/addCondition.jsp	(.../addCondition.jsp)	(revision 5e32d730e8eec97f1e9b88ee9240cd79e9ec8d9e)
@@ -15,6 +15,7 @@
 		 </form:form>		
 		<form:form action="authoringCondition/saveOrUpdateCondition.do" method="post"
 			modelAttribute="notebookConditionForm" id="notebookConditionForm" focus="displayName">
+			<input type="hidden" name="<csrf:tokenname/>" value="<csrf:tokenvalue/>"/>
 			<lams:errors/>
 			<form:hidden path="orderId" />
 
@@ -38,4 +39,4 @@
 			</a> 
 		</div>
 	</div>
-</div>
\ No newline at end of file
+</div>
Index: lams_tool_notebook/web/pages/authoring/conditions.jsp
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r5e32d730e8eec97f1e9b88ee9240cd79e9ec8d9e
--- lams_tool_notebook/web/pages/authoring/conditions.jsp	(.../conditions.jsp)	(revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_tool_notebook/web/pages/authoring/conditions.jsp	(.../conditions.jsp)	(revision 5e32d730e8eec97f1e9b88ee9240cd79e9ec8d9e)
@@ -19,9 +19,11 @@
 	}
 
 	function deleteCondition(orderId, sessionMapID){
-		$("#conditionsArea").load("<c:url value='/authoringCondition/removeCondition.do'/>",{
-			'orderId' : orderId,
-			'sessionMapID' : sessionMapID
+		$.ajax({
+			async : false,
+			url : '<c:url value="/authoringCondition/removeCondition.do"/>',
+			data : 'orderId=' + orderId + '&sessionMapID=' + sessionMapID + '&<csrf:token/>',
+			type : "POST"
 		});
 	}
 	
@@ -41,7 +43,8 @@
 	//Packs additional elements and submits the question form
 	function submitCondition(){
 		var form = $('#notebookConditionForm');
-		$('#conditionInputArea').load(form.attr('action'), form.serialize());
+		var obj = form.serializeArray();
+		$('#conditionInputArea').load(form.attr('action'), obj);
 	} 
 </script>