Monday, December 9, 2019

Error 403 after successful authentication on POST /action | Spring Security

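With this code, both GET /action and POST /action return 200 OK once the user is authenticated. The POST succeeds only because the configuration disables CSRF protection; with CSRF protection enabled, Spring Security rejects a form POST that carries no CSRF token with a 403, even for an authenticated user.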

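/**
 * Minimal Spring Boot demo: one controller serving {@code /action} over GET and POST,
 * protected by form login with a single in-memory user.
 *
 * <p>Demo only. The security configuration below disables CSRF protection and uses a
 * hard-coded credential with a deprecated password encoder; see the notes on
 * {@link SecurityConfig} before reusing any of it.
 */
@SpringBootApplication
public class DemoApplication {

    /** Serves a one-button form on GET and a fixed response on POST. */
    @Controller
    public static class ActionController {

        /**
         * Returns an HTML form that posts back to {@code /action}.
         *
         * <p>The form is hand-written and contains no CSRF token field, so the POST
         * it issues is only accepted while CSRF protection is disabled.
         */
        @GetMapping("/action")
        @ResponseBody
        String getOk() {
            return "<form action='/action' method='post'><button type='submit'>Go</button></form>";
        }

        /** Handles the form submission and returns the literal body {@code "ok"}. */
        @PostMapping("/action")
        @ResponseBody
        String postOk() {
            return "ok";
        }
    }

    /** Form-login security for {@code /action/**} backed by one in-memory user. */
    @EnableWebSecurity
    public static class SecurityConfig extends WebSecurityConfigurerAdapter {

        /**
         * Requires a full (non-anonymous, non-remember-me) authentication for
         * {@code /action/**}, enables the default login form, and disables CSRF.
         *
         * @param http the security builder supplied by Spring Security
         * @throws Exception if the configuration cannot be applied
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                .antMatchers("/action/**")
                    .access("isFullyAuthenticated()")
                    .and()
                .formLogin()
                    .and()
                // SECURITY: disabling CSRF is what makes the token-less POST return 200
                // instead of 403, but it also lets any third-party page submit
                // state-changing requests with the logged-in user's session cookie.
                // For a browser-facing, session-based application keep CSRF enabled and
                // render the token exposed as the "_csrf" request attribute into the
                // form as a hidden field instead.
                .csrf().disable();
        }

        /**
         * Provides a single in-memory user for the demo.
         *
         * @return a user details service holding the one demo account
         */
        @Bean
        @Override
        public UserDetailsService userDetailsService() {
            // SECURITY: withDefaultPasswordEncoder() is deprecated and intended for
            // samples only, and the credential is hard-coded in source. A real
            // deployment should load users from a proper store and hash passwords
            // with a PasswordEncoder bean (for example bcrypt).
            UserDetails user = User.withDefaultPasswordEncoder()
                .username("user")
                .password("password")
                .roles("USER")
                .build(); // terminating semicolon was missing in the original listing

            return new InMemoryUserDetailsManager(user);
        }
    }

    /** Starts the Spring Boot application. */
    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }
}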
