diff --git a/flow-server/src/main/java/com/vaadin/flow/server/AbstractConfiguration.java b/flow-server/src/main/java/com/vaadin/flow/server/AbstractConfiguration.java
index ad63fb9d5dd..3caa71d376f 100644
--- a/flow-server/src/main/java/com/vaadin/flow/server/AbstractConfiguration.java
+++ b/flow-server/src/main/java/com/vaadin/flow/server/AbstractConfiguration.java
@@ -17,6 +17,7 @@
 
 import java.io.Serializable;
 
+import static com.vaadin.flow.server.InitParameters.SERVLET_PARAMETER_DISABLE_XSRF_PROTECTION;
 import static com.vaadin.flow.server.InitParameters.SERVLET_PARAMETER_USE_V14_BOOTSTRAP;
 
 /**
@@ -111,6 +112,9 @@ default boolean isPnpmEnabled() {
      *
      * @return true if XSRF protection is enabled, false otherwise.
      */
-    boolean isXsrfProtectionEnabled();
+    default boolean isXsrfProtectionEnabled() {
+        return !getBooleanProperty(SERVLET_PARAMETER_DISABLE_XSRF_PROTECTION,
+                false);
+    }
 
 }
diff --git a/flow-server/src/main/java/com/vaadin/flow/server/PropertyDeploymentConfiguration.java b/flow-server/src/main/java/com/vaadin/flow/server/PropertyDeploymentConfiguration.java
index a8e4ea49da5..6df74f64a07 100644
--- a/flow-server/src/main/java/com/vaadin/flow/server/PropertyDeploymentConfiguration.java
+++ b/flow-server/src/main/java/com/vaadin/flow/server/PropertyDeploymentConfiguration.java
@@ -184,8 +184,7 @@ public boolean isRequestTiming() {
     @Override
     public boolean isXsrfProtectionEnabled() {
         if (isOwnProperty(SERVLET_PARAMETER_DISABLE_XSRF_PROTECTION)) {
-            return !getBooleanProperty(
-                    SERVLET_PARAMETER_DISABLE_XSRF_PROTECTION, false);
+            return super.isXsrfProtectionEnabled();
         }
         return parentConfig.isXsrfProtectionEnabled();
     }