diff --git a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/commons/index.js b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/commons/index.js
index e9a1c984e..b02d65916 100644
--- a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/commons/index.js
+++ b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/commons/index.js
@@ -18,7 +18,10 @@ module.exports.onBrand = function onBrand(brandObject) {
 module.exports.fetchGiftCards = async function fetchGiftCards() {
 return $.ajax({
 url: window.fetchGiftCardsUrl,
- type: 'get',
+ type: 'post',
+ data: {
+ csrf_token: $('#adyen-token').val(),
+ },
 });
 };
diff --git a/src/cartridges/int_adyen_SFRA/cartridge/controllers/Adyen.js b/src/cartridges/int_adyen_SFRA/cartridge/controllers/Adyen.js
index b6288b0e4..35731e414 100644
--- a/src/cartridges/int_adyen_SFRA/cartridge/controllers/Adyen.js
+++ b/src/cartridges/int_adyen_SFRA/cartridge/controllers/Adyen.js
@@ -9,12 +9,7 @@ const EXTERNAL_PLATFORM_VERSION = 'SFRA';
 /**
 * Show confirmation after return from Adyen
 */
-server.get(
- 'ShowConfirmation',
- server.middleware.https,
- csrf.generateToken,
- adyen.showConfirmation,
-);
+server.get('ShowConfirmation', server.middleware.https, adyen.showConfirmation);
 /**
 * Confirm payment status after receiving redirectResult from Adyen
@@ -52,7 +47,6 @@ server.post(
 server.get(
 'Redirect3DS1Response',
 server.middleware.https,
- csrf.generateToken,
 adyen.redirect3ds1Response,
 );
@@ -202,10 +196,10 @@ server.post(
 /**
 * Called by Adyen to fetch applied giftcards
 */
-server.get(
+server.post(
 'fetchGiftCards',
 server.middleware.https,
- csrf.generateToken,
+ csrf.validateRequest,
 adyen.fetchGiftCards,
 );
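Review bot: The token in `fetchGiftCards` is read from `#adyen-token`, an element this diff neither adds nor guarantees. On a page where it is missing, `.val()` returns undefined and the POST goes out without a usable token, so the server-side `csrf.validateRequest` added in Adyen.js will reject it. Please confirm that every template calling `fetchGiftCards` renders that element from a route that still generates a token, since this commit removes `csrf.generateToken` from several routes. It would also help to fail early in the client when the value is empty, so a missing token shows up as a clear error rather than a rejected request. The field name `csrf_token` is hard-coded; if the page exposes the token name alongside the value, reading both from the page avoids drift from the server's configuration.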
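Review bot: Dropping `csrf.generateToken` from `ShowConfirmation` (and from `Redirect3DS1Response` in the next hunk) means `pdict.csrf` is no longer populated for whatever those handlers render or forward to. Neither handler body nor its template is visible in this diff, so please check that nothing downstream emits a token field or posts to a CSRF-validated route using it. If that holds, a short comment above each route, such as `// GET return URL from Adyen: renders no form, so no CSRF token is generated`, would record why these routes carry no CSRF middleware.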
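Review bot: `csrf.validateRequest` on `fetchGiftCards` is the page-oriented validator, while the only caller visible in this commit is the `$.ajax` POST in commons/index.js. In SFRA's base csrf middleware (not shown here, so worth verifying against the version in use) a failed check on that path redirects to the HTML failure page, which an XHR caller does not handle cleanly. `csrf.validateAjaxRequest,` looks like the better fit on that line. The doc comment above the route still says "Called by Adyen", although the request now comes from the storefront's own client script with a session CSRF token. Something like `Called by the storefront client (POST, CSRF-validated) to fetch applied gift cards` would be accurate.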