Suggestion: Add additional information about Axios and XSRF

[nckrtl]

I noticed that the XSRF token header is only set with axios when withCredentials option is set to true.

window.axios.defaults.withCredentials = true;

Is this correct? According to the docs I assumed it happens automatically. Without explicitly setting it to true it won't get attached automatically for me.

If this is correct I could write up an additional note for the CSRF section.