Expected Behavior
The CookieCsrfTokenRepository for Spring MVC applications supports configuring the secure flag for the XSRF-TOKEN cookie. The CookieServerCsrfTokenRepository for Spring WebFlux applications should provide the same option.
Current Behavior
The CookieServerCsrfTokenRepository for Spring WebFlux applications doesn't allow configuring the secure flag for the XSRF-TOKEN cookie.
Context
The secure flag is currently set to true when the TLS termination is on the application itself. If it's on a firewall or proxy, then it's always false.
Reference to the same change done for servlet-based applications: https://github.com/spring-projects/spring-security/pull/8749
Suggested solution: https://github.com/spring-projects/spring-security/pull/9679 (PR)