mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-02-21 22:05:48 +00:00
d4218c70f1
Currently CookieCsrfTokenRepository does not specify that the httpOnly flag needs set to false. We should update the reference to include this setting (and a comment about it) since it states that the settings will work with AngularJS. This commit updates the documentation and provides a convenience factory method to create a CookieCsrfTokenRepository with cookiHttpOnly=false Fixes gh-3865