diff --git a/README.md b/README.md
index aa5389d..ea3cdce 100644
--- a/README.md
+++ b/README.md
@@ -96,14 +96,7 @@ The plugin also includes other custom REST APIs.
 b. Follow the "Enabling Authentication" section below.
-7. We need to replace the `CSRF_ENABLED` attribute with `WTF_CSRF_ENABLED`.
- This change is required to support the POST method when RBAC is enabled with JWT.
- Please add the following property in the `{AIRFLOW_HOME}/webserver_config.py` file.
-
- # Flask-WTF flag for CSRF
- WTF_CSRF_ENABLED = False
-
-8. Restart the Airflow Web Server
+7. Restart the Airflow Web Server
 ### Enabling Authentication
diff --git a/plugins/rest_api_plugin.py b/plugins/rest_api_plugin.py
index 9c14d77..f9ec8f1 100644
--- a/plugins/rest_api_plugin.py
+++ b/plugins/rest_api_plugin.py
@@ -22,6 +22,13 @@ from flask_jwt_extended.view_decorators import jwt_required, verify_jwt_in_request
+try:
+ from airflow.www_rbac.app import csrf as rbac_csrf
+except ImportError:
+ def rbac_csrf():
+ pass
+ rbac_csrf.exempt = lambda view: view
+
 """ CLIs this REST API exposes are Defined here: http://airflow.incubator.apache.org/cli.html """
@@ -805,6 +812,7 @@ def index(self):
 @csrf.exempt # Exempt the CSRF token
 @admin_expose('/api', methods=["GET", "POST"]) # for Flask Admin # for Flask AppBuilder
+ @rbac_csrf.exempt # Exempt the CSRF token
 @app_builder_expose('/api', methods=["GET", "POST"])
 @http_token_secure # On each request
 @jwt_token_secure # On each request
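Review bot: The `except ImportError` fallback in the new import block makes `rbac_csrf.exempt` a silent no-op, so any import failure other than "this install has no RBAC UI" (for instance the module living at a different path in another Airflow release) leaves `/api` CSRF-protected with nothing logged to explain the rejected POSTs. That fails closed, which is the safe direction, but the branch should say so in a comment such as `# No RBAC app available: exemption becomes a no-op and CSRF stays enforced`, and ideally emit a debug log line. The stub is also written as a function with an `exempt` attribute attached afterwards; a small class or namespace object with an `exempt` method would show the intent more plainly than a callable that is never called.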
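Review bot: `@rbac_csrf.exempt` on `/api` switches off CSRF checking for a POST-capable endpoint, which is only sound if `http_token_secure` and `jwt_token_secure` always demand a credential the browser does not attach by itself (a request header rather than a session or JWT cookie). Neither decorator's body is in this hunk and the README appears to treat authentication as an optional step, so the precondition should sit next to the decorator, for example `# CSRF-exempt: relies on header-based token auth; re-enable CSRF if JWT_TOKEN_LOCATION ever includes cookies`. Scoping the exemption to this one view instead of the removed global `WTF_CSRF_ENABLED = False` is the right direction. The decorated function's `def` line lies outside the hunk, so whether the view rejects unauthenticated POSTs when both token checks are disabled cannot be confirmed from here.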