/testing-for-cross-site-request-forgery/
https://alex-labs.com/tackling-the-invalid-csrf-token-error/