Enable _xsrf in cookies in swagger.yaml, so that scripts don't have to handle it. Signed-off-by: danfengliu <danfengl@vmware.com>