Default constructor, useful from Java
The key used to store the token in the Play session. Defaults to csrfToken.
If defined, causes the filter to store the token in a Cookie with this name instead of the session.
If storing the token in a cookie, whether this Cookie should set the secure flag. Defaults to whether the session cookie is configured to be secure.
Whether a new CSRF token should be created if it's not found. Default creates one if it's a GET request that accepts HTML.
A token provider to use.