In the HttpSecurity#csrf() Javadoc, we should explicitly mention that this method enables CSRF protection.
It may be unclear to users whether calling .csrf() enables CSRF protection or allows CSRF attacks to happen.
In the HttpSecurity#csrf() Javadoc, we should explicitly mention that this method enables CSRF protection.
It may be unclear to users whether calling .csrf() enables CSRF protection or allows CSRF attacks to happen.