Togglz actuator does not work for POST

[Steven Gottleaber]

Documentation indicates that I should be able to change a toggle via a POST to the actuator endpoint.  The GET to the endpoint works fine, however I am getting a security issue when trying to POST to the endpoint

{

    "timestamp": "2020-05-27T23:26:19.728+0000",

    "status": 403,

    "error": "Forbidden",

    "message": "Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'.",

    "path": "/BillsSummary/actuator/togglz"

}

I have Spring security enabled.  If i disable csrf in spring security config I then get a 405 Method Not Supported  when posting to the endpoint.  Can someone tell me how I am suppose to configure security so this works and how I can use the actuator with Postman?  I tried hitting the endpoint with a curl as well and i am getting the same results.

Thanks in advance for any help you can give me.

Steve