We should default to Xor CSRF tokens in 6.0, but CsrfAuthenticationStrategy still uses CsrfTokenRequestAttributeHandler by default instead of XorCsrfTokenRequestAttributeHandler.
Related gh-11960
We should default to Xor CSRF tokens in 6.0, but CsrfAuthenticationStrategy still uses CsrfTokenRequestAttributeHandler by default instead of XorCsrfTokenRequestAttributeHandler.
Related gh-11960