Given:
As a user of the Camunda Spring Boot Starter, I can use the Camunda Webapps which have the CSRF Prevention Filter enabled.

When:
I try to implement my own @RequestMapping("/api")

Then:
Requests to it will fail, and my current session will be closed since no CSRF token will be present.

Expected:
I can read about this limitation and not create a RequestMapping on "/api".

Note:
Reported as a problem on the forum: https://forum.camunda.org/t/startprocessinstancebykey-on-rest-api-postmapping/13508/16?u=nikola.koevski