Default constructor, useful from Java
The key used to store the token in the Play session. Defaults to csrfToken.
If defined, causes the filter to store the token in a Cookie with this name instead of the session.
If storing the token in a cookie, whether this Cookie should set the secure flag. Defaults to whether the session cookie is configured to be secure.
Whether a new CSRF token should be created if it's not found. Default creates one if it's a GET request that accepts HTML.
A token provider to use.
A filter that provides CSRF protection.
These must be by name parameters because the typical use case for instantiating the filter is in Global, which happens before the application is started. Since the default values for the parameters are loaded from config and hence depend on a started application, they must be by name.