# Testing with CSRF Protection
When testing any non-safe HTTP methods and using Spring Security’s CSRF protection, you must be sure to include a valid CSRF Token in the request.
To specify a valid CSRF token as a request parameter use the CSRF RequestPostProcessor
like so:
Java
mvc
.perform(post("/").with(csrf()))
Kotlin
mvc.post("/") {
with(csrf())
}
If you like you can include CSRF token in the header instead:
Java
mvc
.perform(post("/").with(csrf().asHeader()))
Kotlin
mvc.post("/") {
with(csrf().asHeader())
}
You can also test providing an invalid CSRF token using the following:
Java
mvc
.perform(post("/").with(csrf().useInvalidToken()))
Kotlin
mvc.post("/") {
with(csrf().useInvalidToken())
}