Only partial support for CSRF tokens supplied via headers

[Elknar]

As far as I can tell, there's no trivial way to make the CSRF token be sent as a header, even though the clj portion of the code has support for it.

Having the CSRF token as a url parameter isn't ideal.

[ptaoussanis]

@Elknar Hi there, I'm sorry but I'm not sure I understand what your question is exactly.

Could you please clarify what you're trying to achieve, and what the motivation is? Thanks!