CSRF and rest controllers in a hilla app

I have a Hilla 2.2 app running with the standard security setup. We now have a requirement to add some RestControllers which will NOT be used by the Hilla frontend. Has anyone done this?
Even using permitAll() for testing, it seems like we are getting “Invalid CSRF token” for Post requests. Get requests are working ok.


Thanks. That’s exactly what I needed to find. Works!