Status: Closed
Labels: status: waiting-for-triage (An issue we've not yet triaged)
Description
Summary
CSRF cookies are not set on the reactive web stack for the first response from the server. The same configuration running on the servlet stack provides the cookies.
Actual Behavior
Missing 'Set-Cookie' header in server response
Expected Behavior
Response header 'Set-Cookie' with CSRF token is expected
Configuration

```java
import java.util.Map;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
public class DemoCsrfApplication {

    public static void main(String[] args) {
        SpringApplication.run(DemoCsrfApplication.class, args);
    }
}

@RestController
class HomeController {

    @GetMapping("/")
    public Map<String, String> getGreetings() {
        return Map.of("value", "Hello World");
    }
}

@Configuration
@EnableWebFluxSecurity
class AppSecurityConfig {

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http.authorizeExchange()
                .pathMatchers(HttpMethod.GET).permitAll()
                .anyExchange().authenticated()
                .and()
            .csrf()
                // cookie-based token repository; HttpOnly=false so a browser client can read the token
                .csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse())
                .and()
            .httpBasic().and()
            .cors();
        return http.build();
    }
}
```

Test
```java
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit.jupiter.SpringExtension;
import org.springframework.test.web.reactive.server.WebTestClient;

@AutoConfigureWebTestClient
@ExtendWith(SpringExtension.class)
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
class DemoCsrfApplicationTests {

    @Autowired
    private WebTestClient webClient;

    @Test
    void contextLoads() {
        // first request to the server: the CSRF cookie is expected on this response
        this.webClient.get().uri("/")
                .exchange()
                .expectStatus().isOk()
                .expectHeader().exists("Set-Cookie");
    }
}
```

Version
Spring Boot 2.2.0.BUILD-SNAPSHOT
spring-security-web 5.2.0.RC1
Sample
Entirely the code above.
abaschen
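An added diagnostic, not part of the issue report or of Spring Security's own code: a WebFilter that subscribes to the deferred CsrfToken which the reactive CsrfWebFilter stores in the exchange attributes. It assumes the attribute key is CsrfToken.class.getName() and that CookieServerCsrfTokenRepository only writes its cookie when that Mono is subscribed; if registering this filter makes the test above pass, the missing Set-Cookie header comes from the token never being subscribed on a plain REST response rather than from the repository configuration.

```java
import org.springframework.security.web.server.csrf.CsrfToken;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;

// Hypothetical filter (not from the issue): forces the CSRF token to be
// resolved so the cookie repository's saveToken runs and the Set-Cookie
// header reaches the response. Without @Order it gets lowest precedence,
// so it runs after the security filter chain that populates the attribute.
@Component
public class CsrfCookieWebFilter implements WebFilter {

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
        // Assumed attribute key under which CsrfWebFilter exposes Mono<CsrfToken>.
        String key = CsrfToken.class.getName();
        Mono<CsrfToken> csrfToken = exchange.getAttributeOrDefault(key, Mono.empty());
        // then() subscribes to the token Mono (triggering generate + save, hence
        // the cookie) and discards the value before continuing the chain.
        return csrfToken.then(chain.filter(exchange));
    }
}
```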