iamleot
commented
1 year ago I've mostly taken the patch as-is (only adjusted a bit the logic to always print out debug log events) and addressed that via #42.
Thank you for analyzing this issue and fixing it!
Depending on the origin the parsed csrf token may not be needed. This fix updates the session only if there was a csrf token meta element in the html.