diff --git a/core/modules/system/src/Tests/Form/ValidationTest.php b/core/modules/system/src/Tests/Form/ValidationTest.php
index 1d130f96f8b4d4d44a943b206a7b15f9ead4879e..693d0af9e9e8a73894176c584f811163d8720c50 100644
--- a/core/modules/system/src/Tests/Form/ValidationTest.php
+++ b/core/modules/system/src/Tests/Form/ValidationTest.php
@@ -75,6 +75,14 @@ function testValidate() {
     $this->assertText('The form has become outdated. Copy any unsaved work in the form below');
   }
 
+  /**
+   * Tests that a form with a disabled CSRF token can be validated.
+   */
+  function testDisabledToken() {
+    $this->drupalPostForm('form-test/validate-no-token', [], 'Save');
+    $this->assertText('The form_test_validate_no_token form has been submitted successfully.');
+  }
+
   /**
    * Tests partial form validation through #limit_validation_errors.
    */
diff --git a/core/modules/system/tests/modules/form_test/form_test.routing.yml b/core/modules/system/tests/modules/form_test/form_test.routing.yml
index 82243faa1a62afa3d869092c5c2dfcd7287f330e..e4804048f83929124326c3012cc6d54302f5a359 100644
--- a/core/modules/system/tests/modules/form_test/form_test.routing.yml
+++ b/core/modules/system/tests/modules/form_test/form_test.routing.yml
@@ -100,6 +100,14 @@ form_test.validate_required_no_title:
   requirements:
     _access: 'TRUE'
 
+form_test.validate_without_csrf_token:
+  path: '/form-test/validate-no-token'
+  defaults:
+    _form: '\Drupal\form_test\Form\FormTestValidateNoToken'
+    _title: 'Form validation on forms with a disabled CSRF token'
+  requirements:
+    _access: 'TRUE'
+
 form_test.validate_with_error_suppresion:
   path: '/form-test/limit-validation-errors'
   defaults:
diff --git a/core/modules/system/tests/modules/form_test/src/Form/FormTestValidateNoToken.php b/core/modules/system/tests/modules/form_test/src/Form/FormTestValidateNoToken.php
new file mode 100644
index 0000000000000000000000000000000000000000..fd29284913b53ab16a09fb3b94fa70fdd8521993
--- /dev/null
+++ b/core/modules/system/tests/modules/form_test/src/Form/FormTestValidateNoToken.php
@@ -0,0 +1,44 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\form_test\Form\FormTestValidateNoToken.
+ */
+
+namespace Drupal\form_test\Form;
+
+use Drupal\Core\Form\FormBase;
+use Drupal\Core\Form\FormStateInterface;
+
+/**
+ * Form to test the validation of forms with a disabled CSRF token.
+ */
+class FormTestValidateNoToken extends FormBase {
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getFormId() {
+    return 'form_test_validate_no_token';
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function buildForm(array $form, FormStateInterface $form_state) {
+    $form['#token'] = FALSE;
+    $form['submit'] = [
+      '#type' => 'submit',
+      '#value' => 'Save',
+    ];
+    return $form;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function submitForm(array &$form, FormStateInterface $form_state) {
+    drupal_set_message('The form_test_validate_no_token form has been submitted successfully.');
+  }
+
+}