In XNAT 1.5.4 the cross site request forgery protection demands a token when you post data. What's the preferred way to get or bypass that token?
Feel free to add details, link to an ongoing discussion in the XNAT Google Group, and so on.
Is this the same as the /REST/JSESSION token or something different?
I have a similar question about how to issue a GET request on public resources like /REST/subjects. Is there any way to access public metadata without first getting a JSESSION token?