diff --git a/samples/azure-ad-b2c-sample/auth-backend/web/src/main/java/com/dressca/web/security/WebSecurityConfig.java b/samples/azure-ad-b2c-sample/auth-backend/web/src/main/java/com/dressca/web/security/WebSecurityConfig.java
index 09518d646..174088043 100644
--- a/samples/azure-ad-b2c-sample/auth-backend/web/src/main/java/com/dressca/web/security/WebSecurityConfig.java
+++ b/samples/azure-ad-b2c-sample/auth-backend/web/src/main/java/com/dressca/web/security/WebSecurityConfig.java
@@ -38,7 +38,6 @@ public class WebSecurityConfig {
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
 http.securityMatcher("/api/**")
- .csrf(csrf -> csrf.disable())
 .cors(cors -> cors.configurationSource(request -> {
 CorsConfiguration conf = new CorsConfiguration();
 conf.setAllowCredentials(true);
diff --git a/samples/web-csr/dressca-backend/web/src/main/java/com/dressca/web/security/WebSecurityConfig.java b/samples/web-csr/dressca-backend/web/src/main/java/com/dressca/web/security/WebSecurityConfig.java
index 5bbd9d0f8..1022f8e60 100644
--- a/samples/web-csr/dressca-backend/web/src/main/java/com/dressca/web/security/WebSecurityConfig.java
+++ b/samples/web-csr/dressca-backend/web/src/main/java/com/dressca/web/security/WebSecurityConfig.java
@@ -31,7 +31,9 @@ public class WebSecurityConfig {
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 http
 .securityMatcher("/api/**")
- .csrf(csrf -> csrf.disable())
+ // CSRF トークンを利用したリクエストの検証を無効化( OAuth2.0 による認証認可を利用する前提のため)
+ // OAuth2.0 によるリクエストの検証を利用しない場合は、有効化して CSRF 対策を施す
+ .csrf(csrf -> csrf.ignoringRequestMatchers("/api/**"))
 .cors(cors -> cors.configurationSource(request -> {
 CorsConfiguration conf = new CorsConfiguration();
 conf.setAllowCredentials(true);
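Review bot: Dropping `.csrf(csrf -> csrf.disable())` in the azure-ad-b2c sample re-enables Spring Security's default CSRF protection for the whole `/api/**` chain, which is the opposite of what the web-csr sample does in the same commit, where `ignoringRequestMatchers("/api/**")` keeps the exemption. With JWT bearer authentication (the `JwtAuthenticationConverter` on the line above) clients normally send no CSRF token, so state-changing requests to `/api/**` would presumably now be rejected with 403 unless a token repository and client-side header handling are configured somewhere outside this hunk. If the intent matches the other sample, mirror it: `.csrf(csrf -> csrf.ignoringRequestMatchers("/api/**"))` together with the same explanatory comment; if the intent is to really enforce CSRF here, the configuration that makes the token reachable to the SPA belongs in this change. The filterChain body continues past the hunk.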
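Review bot: In the web-csr sample, `ignoringRequestMatchers("/api/**")` inside a chain whose `securityMatcher` is also `/api/**` exempts every request this chain handles, so it is functionally the same as the removed `csrf.disable()`; the new comment should say so instead of reading as if protection were partly retained, e.g. `// Equivalent to disabling CSRF for this whole chain: securityMatcher and the ignored matcher are both /api/**`. The stated precondition (OAuth2 authentication) only holds while the access token travels in the Authorization header, which the browser does not attach on its own; with `setAllowCredentials(true)` just below, any cookie- or session-backed authentication accepted on `/api/**` would reopen the CSRF exposure this exemption relies on being absent. A one-line addition to the comment stating that the exemption assumes header-borne bearer tokens and no cookie-backed session would make that dependency explicit. The securityFilterChain body continues past the hunk.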