Spring Security Inaccurate javadoc text in setRequestHandler method of CsrfFilter class

Expected Behavior

In version 6.0, the default CsrfTokenRequestHandler of the CsrfFilter class has changed to XorCsrfTokenRequestAttributeHandler and the javadoc of the setRequestHandler method should reflect this change.

Current Behavior

The javadoc of the setRequestHandler method still says that the default is the CsrfTokenRequestAttributeHandler.

Although XorCsrfTokenRequestAttributeHandler is a subclass of CsrfTokenRequestAttributeHandler, the behavior is quite different.

Context

In this line, the requestHandler is initialized with a XorCsrfTokenRequestAttributeHandler instance.

And in this line the javadoc inform the default CsrfTokenRequestHandler.

Comment From: sjohnr

Thanks @wldomiciano! ~Are you interested in submitting a PR to address the javadoc?~ Nevermind, I see the PR.