diff --git a/voila-runtime-springmvc/src/main/java/it/mice/voila/runtime/springmvc/csrf/CSRFHandlerInterceptor.java b/voila-runtime-springmvc/src/main/java/it/mice/voila/runtime/springmvc/csrf/CSRFHandlerInterceptor.java
index 9d7d634e23103fb51635cf66e52541330cd52deb..899edf0bf9397b46ea85a49e384ffb8e5f171780 100644
--- a/voila-runtime-springmvc/src/main/java/it/mice/voila/runtime/springmvc/csrf/CSRFHandlerInterceptor.java
+++ b/voila-runtime-springmvc/src/main/java/it/mice/voila/runtime/springmvc/csrf/CSRFHandlerInterceptor.java
@@ -135,7 +135,7 @@ public class CSRFHandlerInterceptor extends HandlerInterceptorAdapter{
 }
 }
 if (!valueCheck) {
- LOGGER.warn("POST request field " + paramName + " not allowed value=" + paramValue);
+ LOGGER.warn("POST request field " + paramName + " not allowed actual value=\n" + paramValue + "\nPrevious value=\n" + ff.getParameterValue().iterator().next());
 throw new BusinessException(new UserMessage("error.security.unauthorizedRequest"));
 //response.sendError(HttpServletResponse.SC_FORBIDDEN, "Bad form field parameter value");
 //return false;
@@ -177,6 +177,8 @@ public class CSRFHandlerInterceptor extends HandlerInterceptorAdapter{
 }
 protected boolean checkSameValue(String paramValue, String savedValue, String type, Object actualValue) {
+ paramValue = StringUtils.trimToEmpty(paramValue);
+ savedValue = StringUtils.trimToEmpty(savedValue);
 if (paramValue.equals(savedValue)) {
 return true;
 }
diff --git a/voila-runtime-springmvc/src/main/java/it/mice/voila/runtime/springmvc/csrf/CSRFRequestDataValueProcessor.java b/voila-runtime-springmvc/src/main/java/it/mice/voila/runtime/springmvc/csrf/CSRFRequestDataValueProcessor.java
index 18dd01054f66dce33d964642a5fdedd7b8654fb1..ac80ebcdeaee9716e21b1abf3d85f0c5c64d0566 100644
--- a/voila-runtime-springmvc/src/main/java/it/mice/voila/runtime/springmvc/csrf/CSRFRequestDataValueProcessor.java
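Review bot: The new WARN line calls `ff.getParameterValue().iterator().next()` without checking that the collection has an element, so if the stored value list is empty (which presumably also leaves `valueCheck` false, though the loop is outside the hunk) the log statement throws `NoSuchElementException` before the intended `BusinessException`, turning a clean "unauthorized request" rejection into an unhandled error. The message also embeds the raw submitted `paramValue` and the stored value with deliberate `\n` separators, so a client-controlled string can forge extra log lines and any sensitive field content is recorded at WARN. I would keep the WARN free of user data and move the values to DEBUG with line breaks removed: `LOGGER.warn("POST request field " + paramName + " not allowed: submitted value does not match any stored value");` followed by `if (LOGGER.isDebugEnabled()) { LOGGER.debug("field " + paramName + " submitted=" + StringUtils.replaceChars(paramValue, "\r\n", "  ") + " stored=" + ff.getParameterValue()); }` (StringUtils is already used by this file's second hunk). The enclosing method starts and ends outside the hunk.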
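Review bot: `StringUtils.trimToEmpty` maps null to "" on both sides, so after this change a null submitted value and a null or blank stored value compare equal and `checkSameValue` returns true, whereas before a null `paramValue` never produced a positive match; that widens what the tamper check accepts and should be either commented as intended or avoided. If the goal is only to tolerate surrounding whitespace, the null-preserving `StringUtils.trim` keeps the old semantics: `paramValue = StringUtils.trim(paramValue);`, `savedValue = StringUtils.trim(savedValue);`, `if (paramValue != null && paramValue.equals(savedValue)) {`. Reassigning the parameters also trips the usual ParameterAssignment check; trimmed locals would read better. The rest of `checkSameValue` is outside the hunk and now sees the trimmed strings while `actualValue` is untouched, which is worth confirming.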
+++ b/voila-runtime-springmvc/src/main/java/it/mice/voila/runtime/springmvc/csrf/CSRFRequestDataValueProcessor.java
@@ -7,6 +7,7 @@ import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
+ import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.web.servlet.support.RequestDataValueProcessor;
@@ -35,6 +36,9 @@ public class CSRFRequestDataValueProcessor implements RequestDataValueProcessor
 }
 public String processFormFieldValue(HttpServletRequest request, String name, String value, String type) {
+ if (value != null) {
+ value = StringUtils.trimToEmpty(value);
+ }
 LOGGER.debug("processFormFieldValue: name=" + name + ", value=" + value + ", type=" + type);
 TagUtils.getSecuritySessionBean().addFormField(name, value, type);
 return value;
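Review bot: The `if (value != null)` guard around `StringUtils.trimToEmpty(value)` keeps null distinct from "" when the value is stored, but the matching side in `CSRFHandlerInterceptor.checkSameValue` (same commit) applies `trimToEmpty` to both operands, so a null stored value is compared as "" anyway; the two sides should state one rule. If null must survive into the session bean, `value = StringUtils.trim(value);` expresses that in one line without the guard (commons-lang `trim` returns null for null input); otherwise drop the guard and store "" on both sides. A one-line comment such as `// normalised here so the stored value matches what the browser resubmits after the interceptor trims it` would record why trimming happens before `addFormField`. Note that the DEBUG line below now logs the normalised field value regardless of `type`, so values of password-type fields would also reach the log at that level; worth confirming that is acceptable.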