I saw the same Wrong CSRF token message in my logs.
In my case I had to remove HTTPOnly
from proxy_cookie_path
in my nginx configuration. I am using https and only needed Secure
. Note that you have to clear old cookies from your browser after updating nginx.
More info here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie