The following curl command can be used to request a directory listing from HDFS while passing in the expected header X-XSRF-Header.
curl -k -i --header "X-XSRF-Header:
valid" -v -u guest:guest-password
https://localhost:8443/gateway/sandbox/webhdfs/v1/tmp?op=LISTSTATUS
Omitting the –header “X-XSRF-Header: valid” above results in an HTTP 400 bad_request. Disabling the provider, by setting csrf.enabled to false allows a request that is missing the header.