To avoid conflicts with other applications that use the same cookie name. The default should remain XSRF-TOKEN.
In these locations:
- Backend: "Classic" webapps (via web.xml)
- Backend: Webapps in Spring Boot (via application properties)
- Frontend: e.g. via a config.js
|In Webapps, I can change the csrf cookie name||Closed||Unassigned|
|CSRF cookie name set by server can be changed||Closed|
|I can read documentation how to change the csrf cookie name in webapps||Closed||Unassigned|