peppelinux
commented
2 years ago that's something patched in the dev branch, here https://github.com/italia/spid-cie-oidc-django/blob/dev/spid_cie_oidc/provider/views/introspection_endpoint.py#L41
we have the except of csrf token as we can see. May you're using the main branch?
Hopefully tomorrow we'll have a new release
The response to a well formed introspection request returns with 403 error https status code and reason "CSRF cookie not set."