I saw the same Wrong CSRF token message in my logs.
In my case I had to remove HTTPOnly from proxy_cookie_path in my nginx configuration. I am using https and only needed Secure. Note that you have to clear old cookies from your browser after updating nginx.
More info here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie