[REFACTOR] Update SecurityConfig to clarify CSRF protection handling

997a2f64 · Darrel Danadyaksa Poli · ad11accf · 997a2f64
Commit 997a2f64 authored 3 months ago by Darrel Danadyaksa Poli
--- a/src/main/java/com/safetypin/authentication/security/SecurityConfig.java
+++ b/src/main/java/com/safetypin/authentication/security/SecurityConfig.java
@@ -16,7 +16,7 @@ public class SecurityConfig {
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
-                .csrf(AbstractHttpConfigurer::disable)  // Disable CSRF protection (not recommended for production)
+                // CSRF protection is enabled by default, so we don't disable it here
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/**").permitAll() // Allow all requests
                )