We should improve documentation of SecurityMockMvcRequestPostProcessors.csrf() to clarify usage and suggestions when customizing CsrfTokenRequestHandler. Areas to address:
- Testing with CSRF Protection - Should mention caveats when CSRF request/response is not symmetrical (such as in the case of I am using AngularJS or another Javascript framework in the migration guide) and provide at least one example of a custom post processor for such cases.
- Opt out Steps in the 5.8 migration guide - Should provide hints to watch out for impacts to testing with MockMvc when customizing CSRF protection.
Issue gh-12774