maofalt / Transcendence


csrf token stopping first login #372

Closed YoelRidgway closed 5 months ago

YoelRidgway commented 5 months ago

When trying to log in for the first time it doesn't work due to a missing CSRF token.

coisu commented 5 months ago

@ionorb @maofalt @ZacharyNogueira @abravo31 This only happens on the first login attempt in a new incognito window, because the browser settings in the incognito window are configured to disable cookies, and most of the user_management back-end code is protected against CSRF, so the necessary CSRF token is supposed to be included in the requests. So it is normal that we are having CSRF verification failures. I think we don't need to handle this issue.

YoelRidgway commented 5 months ago

Yes. But we can fix this problem. This also happens in non-incognito mode if you close the browser and start it again. I talked about it with @maofalt yesterday. We need an unprotected endpoint that sends the CSRF token on the first connection to the site.

The reason why this happens is because there isn't any request to the user_management backend before logging in. So the cookie is never sent.