Related to #17260, <websocket-message-broker> should pick up a bean named csrfChannelInterceptor in the same way that @EnableWebSocketSecurity does.
This is a bug since it was identified as part of the migration path when XorCsrfChannelInterceptor was released.