Summary

This would be a nice way to solve the chicken-and-egg problem that arises when protecting multipart requests (file uploads) from CSRF attacks. To prevent a CSRF attack, the body of the HTTP request must be read to obtain the actual CSRF token. However, reading the body means that the file will be uploaded, which means an external site can upload a file. We could use JavaScript to do the upload, include the token in the headers, and require that the actual CSRF token for multipart requests be read from the header.
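A sketch of the header-based approach, added here as an illustration and not code from the project under discussion. The `X-CSRF-TOKEN` header name, the function names, the `/upload` path and the `consumeBody` multipart parser are all assumptions.

```javascript
// Added example; header name, function names and token values are assumptions.
const CSRF_HEADER = 'x-csrf-token'; // Node lowercases incoming header names

// Constant-time comparison: do not leak how much of the token matched.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Server: decide from method and headers only; the body stream is not touched.
// 'defer' means "not a multipart upload, let the usual CSRF check handle it".
function decideUpload(method, headers, sessionToken) {
  const type = String(headers['content-type'] || '').toLowerCase();
  if (method !== 'POST' || !type.startsWith('multipart/form-data')) return { action: 'defer' };
  // A token inside the multipart body is deliberately ignored here.
  return safeEqual(headers[CSRF_HEADER], sessionToken)
    ? { action: 'accept' }
    : { action: 'reject', status: 403 };
}

// Node http-style handler: consumeBody (hypothetical multipart parser) runs
// only after the header check has passed.
function handleUpload(req, res, sessionToken, consumeBody) {
  const verdict = decideUpload(req.method, req.headers, sessionToken);
  if (verdict.action === 'reject') {
    res.writeHead(verdict.status, { Connection: 'close' });
    res.end('Forbidden');
    return verdict;
  }
  if (verdict.action === 'accept') consumeBody(req);
  return verdict;
}

// Browser: the token travels in a header, the file in the multipart body.
// Content-Type is left unset so the browser adds the multipart boundary.
function buildUploadRequest(file, token) {
  const form = new FormData();
  form.append('file', file);
  return { method: 'POST', headers: { 'X-CSRF-TOKEN': token }, body: form, credentials: 'same-origin' };
}
// Usage in a page: fetch('/upload', buildUploadRequest(input.files[0], token));
```

A plain HTML form on another site cannot set a custom request header, and a cross-origin script that tries to is subject to a CORS preflight, which is why the header is a usable place for the token.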