Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -r47c01513981c11359304562c8f9ba39a2f0c0ba5 -r983271909da2c1554716243f9f965927bb6a79cb
--- lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision 47c01513981c11359304562c8f9ba39a2f0c0ba5)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision 983271909da2c1554716243f9f965927bb6a79cb)
@@ -125,6 +125,11 @@
 
 org.owasp.csrfguard.protected.laqaAuthoringSave=/lams/tool/laqa11/authoring/submitAllContent.do
 org.owasp.csrfguard.protected.laqaAuthoringDefineLater=/lams/tool/laqa11/authoring/definelater.do
+org.owasp.csrfguard.protected.laqaAuthoringAddSingleQ=/lams/tool/laqa11/authoring/addSingleQuestion.do
+org.owasp.csrfguard.protected.laqaAuthoringSaveSingleQ=/lams/tool/laqa11/authoring/saveSingleQuestion.do
+org.owasp.csrfguard.protected.laqaAuthoringRemoveQ=/lams/tool/laqa11/authoring/removeQuestion.do
+org.owasp.csrfguard.protected.laqaAuthoringSaveOrUpdateCondition=/lams/tool/laqa11/authoringConditions/saveOrUpdateCondition.do
+org.owasp.csrfguard.protected.laqaAuthoringRemoveCondition=/lams/tool/laqa11/authoringConditions/removeCondition.do
 org.owasp.csrfguard.protected.laqaMonitoringSubmissionDeadline=/lams/tool/laqa11/monitoring/setSubmissionDeadline.do
 
 org.owasp.csrfguard.protected.larsrcAuthoringSave=/lams/tool/larsrc11/authoring/update.do
Index: lams_tool_laqa/src/java/org/lamsfoundation/lams/tool/qa/web/controller/QaAuthoringConditionController.java
===================================================================
diff -u -r69092337b728f903f824a74377bd0ebf9391120c -r983271909da2c1554716243f9f965927bb6a79cb
--- lams_tool_laqa/src/java/org/lamsfoundation/lams/tool/qa/web/controller/QaAuthoringConditionController.java	(.../QaAuthoringConditionController.java)	(revision 69092337b728f903f824a74377bd0ebf9391120c)
+++ lams_tool_laqa/src/java/org/lamsfoundation/lams/tool/qa/web/controller/QaAuthoringConditionController.java	(.../QaAuthoringConditionController.java)	(revision 983271909da2c1554716243f9f965927bb6a79cb)
@@ -51,6 +51,7 @@
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 
 /**
  * Auxiliary action in author mode. It contains operations with QaCondition. The
@@ -127,7 +128,7 @@
      * @return
      * @throws ServletException
      */
-    @RequestMapping(value = "/saveOrUpdateCondition")
+    @RequestMapping(path = "/saveOrUpdateCondition", method = RequestMethod.POST)
     private String saveOrUpdateCondition(@ModelAttribute("QaConditionForm") QaConditionForm QaConditionForm,
 	    HttpServletRequest request) {
 
@@ -164,7 +165,7 @@
      * @param request
      * @return
      */
-    @RequestMapping("/removeCondition")
+    @RequestMapping(path = "/removeCondition",  method = RequestMethod.POST)
     private String removeCondition(HttpServletRequest request) {
 
 	// get back sessionMAP
@@ -441,4 +442,4 @@
 	return errorMap;
     }
 
-}
\ No newline at end of file
+}
Index: lams_tool_laqa/src/java/org/lamsfoundation/lams/tool/qa/web/controller/QaAuthoringController.java
===================================================================
diff -u -r845b503553ad948cb5db7b89950f7c5251ada5d7 -r983271909da2c1554716243f9f965927bb6a79cb
--- lams_tool_laqa/src/java/org/lamsfoundation/lams/tool/qa/web/controller/QaAuthoringController.java	(.../QaAuthoringController.java)	(revision 845b503553ad948cb5db7b89950f7c5251ada5d7)
+++ lams_tool_laqa/src/java/org/lamsfoundation/lams/tool/qa/web/controller/QaAuthoringController.java	(.../QaAuthoringController.java)	(revision 983271909da2c1554716243f9f965927bb6a79cb)
@@ -610,7 +610,7 @@
     /**
      * saveSingleQuestion
      */
-    @RequestMapping("/saveSingleQuestion")
+    @RequestMapping(path = "/saveSingleQuestion", method = RequestMethod.POST)
     public String saveSingleQuestion(@ModelAttribute("newQuestionForm") QaAuthoringForm newQuestionForm,
 	    HttpServletRequest request) throws IOException, ServletException {
 
@@ -729,7 +729,7 @@
     /**
      * addSingleQuestion
      */
-    @RequestMapping("/addSingleQuestion")
+    @RequestMapping(path = "/addSingleQuestion", method = RequestMethod.POST)
     public String addSingleQuestion(@ModelAttribute("newQuestionForm") QaAuthoringForm newQuestionForm,
 	    HttpServletRequest request) throws IOException, ServletException {
 
@@ -893,7 +893,7 @@
     /**
      * removes a question from the questions map
      */
-    @RequestMapping("/removeQuestion")
+    @RequestMapping(path = "/removeQuestion", method = RequestMethod.POST)
     public String removeQuestion(@ModelAttribute("newQuestionForm") QaAuthoringForm newQuestionForm,
 	    HttpServletRequest request) throws IOException, ServletException {
 
Index: lams_tool_laqa/web/authoring/addCondition.jsp
===================================================================
diff -u -raced7ba6c1e7c5a9a50d3f64d8cdd96dd7e76194 -r983271909da2c1554716243f9f965927bb6a79cb
--- lams_tool_laqa/web/authoring/addCondition.jsp	(.../addCondition.jsp)	(revision aced7ba6c1e7c5a9a50d3f64d8cdd96dd7e76194)
+++ lams_tool_laqa/web/authoring/addCondition.jsp	(.../addCondition.jsp)	(revision 983271909da2c1554716243f9f965927bb6a79cb)
@@ -13,6 +13,7 @@
 	 </form:form>
 		<!-- Basic Info Form-->
 		<form:form action="/lams/tool/laqa11/authoringConditions/saveOrUpdateCondition.do" method="post" modelAttribute="QaConditionForm" id="QaConditionForm" >
+			<input type="hidden" name="<csrf:tokenname/>" value="<csrf:tokenvalue/>"/>
 			<lams:errors/>
 			<form:hidden path="orderId" />
 			
@@ -41,4 +42,4 @@
 			<a href="#" onclick="submitCondition()" class="btn btn-default btn-xs"><fmt:message key="label.save.question" /> </a>
 		</div>
 	</div>
-</div>
\ No newline at end of file
+</div>
Index: lams_tool_laqa/web/authoring/conditions.jsp
===================================================================
diff -u -r658034e7f07579dd682db62112b9353b3a0d3f65 -r983271909da2c1554716243f9f965927bb6a79cb
--- lams_tool_laqa/web/authoring/conditions.jsp	(.../conditions.jsp)	(revision 658034e7f07579dd682db62112b9353b3a0d3f65)
+++ lams_tool_laqa/web/authoring/conditions.jsp	(.../conditions.jsp)	(revision 983271909da2c1554716243f9f965927bb6a79cb)
@@ -19,10 +19,13 @@
 	}
 	
 	function deleteCondition(orderId, sessionMapID){
-		$("#conditionsArea").load("<c:url value='/authoringConditions/removeCondition.do'/>",{
-			'orderId' : orderId,
-			'sessionMapID' : sessionMapID
-		});
+		$.ajax({
+			async : false,
+			url : '<c:url value="/authoringConditions/removeCondition.do"/>',
+			data : 'orderId=' + orderId + '&sessionMapID=' + sessionMapID + '&<csrf:token/>',
+			type : "POST"
+			});
+
 	}
 	
 	function upCondition(orderId,sessionMapID){
@@ -41,7 +44,8 @@
 	//Packs additional elements and submits the question form
 	function submitCondition(){
 		var form = $('#QaConditionForm');
-		$('#conditionInputArea').load(form.attr('action'), form.serialize());
+		var obj = form.serializeArray();
+		$('#conditionInputArea').load(form.attr('action'), obj);
 	} 
 
 </script>
@@ -57,4 +61,4 @@
 		class="btn btn-default btn-sm"><i class="fa fa-plus"></i>&nbsp;<fmt:message key="label.authoring.conditions.add.condition" /></a> 
 </div>
 
-<div id="conditionInputArea" name="conditionInputArea" class="voffset10"></div>
\ No newline at end of file
+<div id="conditionInputArea" name="conditionInputArea" class="voffset10"></div>
Index: lams_tool_laqa/web/authoring/newQuestionBox.jsp
===================================================================
diff -u -rb7b682644cd1d20e061092b1411eeb679a1f9fb2 -r983271909da2c1554716243f9f965927bb6a79cb
--- lams_tool_laqa/web/authoring/newQuestionBox.jsp	(.../newQuestionBox.jsp)	(revision b7b682644cd1d20e061092b1411eeb679a1f9fb2)
+++ lams_tool_laqa/web/authoring/newQuestionBox.jsp	(.../newQuestionBox.jsp)	(revision 983271909da2c1554716243f9f965927bb6a79cb)
@@ -5,7 +5,8 @@
 </div>
 
 <div class="panel-body">
-<form:form action="${empty newQuestionForm.editableQuestionIndex ? 'addSingleQuestion.do' : 'saveSingleQuestion.do'}" modelAttribute="newQuestionForm" id="newQuestionForm" method="POST">
+	<c:set var="csrfToken"><csrf:token/></c:set>
+	<form:form action="${empty newQuestionForm.editableQuestionIndex ? 'addSingleQuestion.do' : 'saveSingleQuestion.do'}?${csrfToken}" modelAttribute="newQuestionForm" id="newQuestionForm" method="POST">
 	<form:hidden path="toolContentID" />
 	<form:hidden path="httpSessionID" />
 	<form:hidden path="contentFolderID" />
@@ -44,4 +45,4 @@
 	</div>
 </form:form>
 </div>
-</div>
\ No newline at end of file
+</div>