Spring RestController gets redirected to Login no matter what I do

I have a @RestController which acts as a webhook for another API. When the other app posts to the webhook Vaadin 302 redirects it back to the LoginView no matter what I do with antMatchers or @AnonymousAllowed or @969550907647852604mitAll annotation.

This is from the class that extends VaadinWebSecurity:

protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests().antMatchers("/VAADIN/**", "/", "/webhook")

    setLoginView(http, LoginView.class);

And, here’s the RestController…

public class ATWebhookController {

public ResponseEntity handleWebhook(@RequestBody String payload) {
    // process the payload and return an appropriate response

    return new ResponseEntity(HttpStatus.OK);

By default CSRF is active when using non-vaadin endpoints resulting in Spring security rejecting your request because of no CSRF Token. You can debug this by enabling spring security debug