We recently carried out an upgrade from 4.0.x straight to 4.2.x, but unfortunately the CSRF token format change in ~4.0.7 was not detected during testing, which has resulted in a bunch of previously cookied users not being able to submit forms. We’re now in a situation where we can’t roll back, as the recent logins will then start failing instead.
Is there a simple way to check/validate the CSRF cookie on GETs and force a cookie update rather than wait for a POST which then results in a failure?
We’ve temporarily disabled CSRF middleware for now but this is obviously not ideal.
Thanks.