Added csrf protection matcher to exclude bearer token calls from csfr

src/main/java/de/avatic/lcc/config/SecurityConfig.java

@@ -91,9 +91,18 @@ public class SecurityConfig {
                 )
                 .csrf(csrf -> csrf
                         .ignoringRequestMatchers("/oauth2/token") // CSRF für OAuth deaktivieren
+                        .ignoringRequestMatchers("/login/oauth2/code/**")
+                        .requireCsrfProtectionMatcher(request -> {
+
+                            String authHeader = request.getHeader("Authorization");
+                            if (authHeader != null && authHeader.startsWith("Bearer ")) {
+                                return false;
+                            }
+
+                            return true;
+                        })
                         .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                         .csrfTokenRequestHandler(new LccCsrfTokenRequestHandler())
-                        .ignoringRequestMatchers("/login/oauth2/code/**")
                 )
                 .addFilterAfter(new CsrfCookieFilter(), BasicAuthenticationFilter.class)
                 .addFilterBefore(