Csrf fix

[muralibasani]

Linked issue

Resolves: #xxxxx

• In WebSecurity, create a csrf token
• After login, add the token in header
• Update frontend Angular with csrf token
• Update React with csrf token (tbd)

What kind of change does this PR introduce?

• Bug fix
• New feature
• Refactor
• Docs update
• CI update

What is the current behavior?

Describe the state of the application before this PR. Illustrations appreciated (videos, gifs, screenshots).

What is the new behavior?

Describe the state of the application after this PR. Illustrations appreciated (videos, gifs, screenshots).

Other information

Additional changes, explanations of the approach taken, unresolved issues, necessary follow ups, etc.

Requirements (all must be checked before review)

• The pull request title follows our guidelines
• Tests for the changes have been added (if relevant)
• The latest changes from the main branch have been pulled
• pnpm lint has been run successfully

[programmiri]

As far as I understand it, usually X-XSRF-TOKEN is enough, but it seems BE expects X-XSRF-TOKEN to be sent, too. There may be a legacy/backwards-compatibility config in BE for this. Angular sends both, so I added it to be consistent (and well, because we need to to work :D)

[muralibasani]

Good one. I missed to update it back.
Now I updated BE to use only X-XSRF-TOKEN. It works in Angular.
Can you pls try removing it and see if it works in react too ?

[aindriu-aiven]

this is my only outstanding question as well aside from that i think it looks good.

[roope-kar]

coral side looks good to me 👍🏼