The RequestFactory version of GWT RPC XSRF protection

[Alexander Orlov]

There is the GWT RPC XSRF protection to make GWT apps more secure. I know that RequestFactory isn't using "GWT RPC" although RF is using JSON to communicate with the backend just like GWT RPC does.

So does RF has a built-in XSRF protection or do I have to use a server-side token to prevent any unauthorized requests to the database?