diff --git a/examples/caffeine/src/main/java/com/giffing/bucket4j/spring/boot/starter/examples/caffeine/TestController.java b/examples/caffeine/src/main/java/com/giffing/bucket4j/spring/boot/starter/examples/caffeine/TestController.java
index 7bdc3ed7..2880863c 100644
--- a/examples/caffeine/src/main/java/com/giffing/bucket4j/spring/boot/starter/examples/caffeine/TestController.java
+++ b/examples/caffeine/src/main/java/com/giffing/bucket4j/spring/boot/starter/examples/caffeine/TestController.java
@@ -20,6 +20,7 @@
 import com.giffing.bucket4j.spring.boot.starter.context.properties.Bucket4JConfiguration;
 import com.giffing.bucket4j.spring.boot.starter.context.properties.RateLimit;
 import com.giffing.bucket4j.spring.boot.starter.utils.Bucket4JUtils;
+import org.springframework.web.util.HtmlUtils;
 
 @RestController
 public class TestController {
@@ -107,7 +108,8 @@ public ResponseEntity updateBandwidth(
 		//validate that the filter, ratelimit and bandwidth all exist
 		Bucket4JConfiguration config = configCacheManager.getValue(filterId);
 		if (config == null) {
-			return ResponseEntity.status(HttpStatus.NOT_FOUND).body("No filter with id '" + filterId + "' could be found.");
+			String errorMessage = "No filter with id '" + filterId + "' could be found.";
+			return ResponseEntity.status(HttpStatus.NOT_FOUND).body(HtmlUtils.htmlEscape(errorMessage));
 		}
 		RateLimit rl = config.getRateLimits().get(limitIndex);
 		if (rl == null) {
@@ -115,7 +117,8 @@ public ResponseEntity updateBandwidth(
 		}
 		Optional<BandWidth> bw = rl.getBandwidths().stream().filter(x -> Objects.equals(x.getId(), bandwidthId)).findFirst();
 		if (bw.isEmpty()) {
-			return ResponseEntity.status(HttpStatus.NOT_FOUND).body("No bandwidth with id '" + bandwidthId + "' could be found.");
+			String errorMessage = "No bandwidth with id '" + bandwidthId + "' could be found.";
+			return ResponseEntity.status(HttpStatus.NOT_FOUND).body(HtmlUtils.htmlEscape(errorMessage));
 		}
 
 		//replace the bandwidth
diff --git a/examples/ehcache/src/main/java/com/giffing/bucket4j/spring/boot/starter/examples/ehcache/config/security/SecurityConfig.java b/examples/ehcache/src/main/java/com/giffing/bucket4j/spring/boot/starter/examples/ehcache/config/security/SecurityConfig.java
index 5f5fc65d..5f9424f4 100644
--- a/examples/ehcache/src/main/java/com/giffing/bucket4j/spring/boot/starter/examples/ehcache/config/security/SecurityConfig.java
+++ b/examples/ehcache/src/main/java/com/giffing/bucket4j/spring/boot/starter/examples/ehcache/config/security/SecurityConfig.java
@@ -15,7 +15,7 @@ public class SecurityConfig {
 
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-		http.csrf(AbstractHttpConfigurer::disable);
+		http.csrf(x -> x.ignoringRequestMatchers("/filters/**"));
 		http.authorizeHttpRequests(auth -> {
 			auth.requestMatchers("/unsecure").permitAll();
 			auth.requestMatchers("/actuator/*").permitAll();