diff --git a/demo-shell-ng2/app/app.component.css b/demo-shell-ng2/app/app.component.css
index 87031d33ee..700caa1af0 100644
--- a/demo-shell-ng2/app/app.component.css
+++ b/demo-shell-ng2/app/app.component.css
@@ -3,3 +3,7 @@
         display: none;
     }
 }
+
+.mdl-layout-title{
+    font-size: 17px;
+}
diff --git a/demo-shell-ng2/app/app.component.html b/demo-shell-ng2/app/app.component.html
index 1af16f7c27..c137435097 100644
--- a/demo-shell-ng2/app/app.component.html
+++ b/demo-shell-ng2/app/app.component.html
@@ -61,6 +61,11 @@
             <input type="text" class="mdl-textfield__input" id="bpmHost" data-automation-id="bpmHost"
                    tabindex="1" (change)="onChangeBPMHost($event)" value="{{bpmHost}}"/>
         </nav>
+        <span class="mdl-layout-title">CSRF Token Disabled</span>
+        <nav class="mdl-navigation">
+            <input type="text" class="mdl-textfield__input" id="csrfDisabled" data-automation-id="csrfDisabled"
+                   tabindex="1" (change)="onChangeCsrf($event)" value="{{csrfDisabled}}"/>
+        </nav>
     </div>
     <main class="mdl-layout__content">
         <div class="page-content">
diff --git a/demo-shell-ng2/app/app.component.ts b/demo-shell-ng2/app/app.component.ts
index 1b186c1fcc..bf1eab0056 100644
--- a/demo-shell-ng2/app/app.component.ts
+++ b/demo-shell-ng2/app/app.component.ts
@@ -37,6 +37,7 @@ export class AppComponent {
 
     ecmHost: string = 'http://' + window.location.hostname + ':8080';
     bpmHost: string = 'http://' + window.location.hostname + ':9999';
+    csrfDisabled: boolean = false;
 
     constructor(public auth: AlfrescoAuthenticationService,
                 public router: Router,
@@ -44,6 +45,7 @@ export class AppComponent {
                 public alfrescoSettingsService: AlfrescoSettingsService) {
         this.setEcmHost();
         this.setBpmHost();
+        this.setCsrfToken();
 
         this.translate = translate;
         this.translate.addTranslationFolder();
@@ -63,6 +65,13 @@ export class AppComponent {
         localStorage.setItem(`bpmHost`, this.bpmHost);
     }
 
+    public onChangeCsrf(event: KeyboardEvent): void {
+        console.log((<HTMLInputElement>event.target).value);
+        this.csrfDisabled = !!(<HTMLInputElement>event.target).value;
+        this.alfrescoSettingsService.csrfDisabled = this.csrfDisabled;
+        localStorage.setItem(`csrfDisabled`, this.csrfDisabled.toString());
+    }
+
     isLoggedIn(): boolean {
         return this.auth.isLoggedIn();
     }
@@ -120,4 +129,13 @@ export class AppComponent {
             this.alfrescoSettingsService.bpmHost = this.bpmHost;
         }
     }
+
+    private setCsrfToken() {
+        if (localStorage.getItem(`csrfDisabled`)) {
+            this.alfrescoSettingsService.bpmHost = localStorage.getItem(`csrfDisabled`);
+            this.csrfDisabled = !!localStorage.getItem(`csrfDisabled`);
+        } else {
+            this.alfrescoSettingsService.csrfDisabled = this.csrfDisabled;
+        }
+    }
 }
diff --git a/ng2-components/ng2-alfresco-core/src/services/AlfrescoAuthentication.service.ts b/ng2-components/ng2-alfresco-core/src/services/AlfrescoAuthentication.service.ts
index 174c626ae2..50313d5c89 100644
--- a/ng2-components/ng2-alfresco-core/src/services/AlfrescoAuthentication.service.ts
+++ b/ng2-components/ng2-alfresco-core/src/services/AlfrescoAuthentication.service.ts
@@ -44,7 +44,8 @@ export class AlfrescoAuthenticationService {
             ticketBpm: this.getTicketBpm(),
             hostEcm: this.settingsService.ecmHost,
             hostBpm: this.settingsService.bpmHost,
-            contextRoot: 'alfresco'
+            contextRoot: 'alfresco',
+            disableCsrf: true
         });
 
         settingsService.bpmHostSubject.subscribe((bpmHost) => {
@@ -55,6 +56,10 @@ export class AlfrescoAuthenticationService {
             this.alfrescoApi.changeEcmHost(ecmHost);
         });
 
+        settingsService.csrfSubject.subscribe((csrf) => {
+            this.alfrescoApi.changeCsrfConfig(csrf);
+        });
+
         settingsService.providerSubject.subscribe((value) => {
             this.alfrescoApi.config.provider = value;
         });
diff --git a/ng2-components/ng2-alfresco-core/src/services/AlfrescoSettings.service.ts b/ng2-components/ng2-alfresco-core/src/services/AlfrescoSettings.service.ts
index 012e35c3a2..55a46de707 100644
--- a/ng2-components/ng2-alfresco-core/src/services/AlfrescoSettings.service.ts
+++ b/ng2-components/ng2-alfresco-core/src/services/AlfrescoSettings.service.ts
@@ -23,11 +23,13 @@ export class AlfrescoSettingsService {
 
     static DEFAULT_ECM_ADDRESS: string = 'http://' + window.location.hostname + ':8080';
     static DEFAULT_BPM_ADDRESS: string = 'http://' + window.location.hostname + ':9999';
+    static DEFAULT_CSRF_CONFIG: boolean = false;
 
     static DEFAULT_BPM_CONTEXT_PATH: string = '/activiti-app';
 
     private _ecmHost: string = AlfrescoSettingsService.DEFAULT_ECM_ADDRESS;
     private _bpmHost: string = AlfrescoSettingsService.DEFAULT_BPM_ADDRESS;
+    private _csrfDisabled: boolean = AlfrescoSettingsService.DEFAULT_CSRF_CONFIG;
 
     private _bpmContextPath = AlfrescoSettingsService.DEFAULT_BPM_CONTEXT_PATH;
 
@@ -35,12 +37,18 @@ export class AlfrescoSettingsService {
 
     public bpmHostSubject: Subject<string> = new Subject<string>();
     public ecmHostSubject: Subject<string> = new Subject<string>();
+    public csrfSubject: Subject<boolean> = new Subject<boolean>();
     public providerSubject: Subject<string> = new Subject<string>();
 
     public get ecmHost(): string {
         return this._ecmHost;
     }
 
+    public set csrfDisabled(csrfDisabled: boolean) {
+        this.csrfSubject.next(csrfDisabled);
+        this._csrfDisabled = csrfDisabled;
+    }
+
     public set ecmHost(ecmHostUrl: string) {
         this.ecmHostSubject.next(ecmHostUrl);
         this._ecmHost = ecmHostUrl;