add CsrfAccessDeniedHandler make 400

src/main/kotlin/ltd/hlaeja/configuration/SecurityConfiguration.kt

@@ -1,5 +1,6 @@
 package ltd.hlaeja.configuration
 
+import ltd.hlaeja.security.handler.CsrfAccessDeniedHandler
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.http.HttpStatus.FOUND
@@ -15,6 +16,7 @@ class SecurityConfiguration {
 
     @Bean
     fun securityWebFilterChain(serverHttpSecurity: ServerHttpSecurity): SecurityWebFilterChain = serverHttpSecurity
+        .csrf { it.accessDeniedHandler(CsrfAccessDeniedHandler()) }
         .authorizeExchange(::authorizeExchange)
         .formLogin(::formLogin)
         .logout(::logout)

src/main/kotlin/ltd/hlaeja/security/handler/CsrfAccessDeniedHandler.kt

@@ -0,0 +1,15 @@
+package ltd.hlaeja.security.handler
+
+import org.springframework.http.HttpStatus.BAD_REQUEST
+import org.springframework.security.access.AccessDeniedException
+import org.springframework.security.web.server.authorization.ServerAccessDeniedHandler
+import org.springframework.web.server.ResponseStatusException
+import org.springframework.web.server.ServerWebExchange
+import reactor.core.publisher.Mono
+
+class CsrfAccessDeniedHandler : ServerAccessDeniedHandler {
+    override fun handle(
+        exchange: ServerWebExchange,
+        denied: AccessDeniedException,
+    ): Mono<Void> = Mono.error(ResponseStatusException(BAD_REQUEST, "Access denied ${exchange.request.path}", denied))
+}