// The team decided to disable default CSRF Spring protection and not implement CSRF tokens validation.
// CPS is a stateless REST API that is not as vulnerable to CSRF attacks as web applications running in
// web browsers are. CPS does not manage sessions, each request requires the authentication token in the header.
// See https://docs.spring.io/spring-security/site/docs/5.3.8.RELEASE/reference/html5/#csrf
@SuppressWarnings("squid:S4502")
// The team decided to disable default CSRF Spring protection and not implement CSRF tokens validation.
// CPS is a stateless REST API that is not as vulnerable to CSRF attacks as web applications running in
// web browsers are. CPS does not manage sessions, each request requires the authentication token in the header.
// See https://docs.spring.io/spring-security/site/docs/5.3.8.RELEASE/reference/html5/#csrf
@SuppressWarnings("squid:S4502")