- 🇺🇸United States SocialNicheGuru
How does this committed issue 🐛 User logout is vulnerable to CSRF Fixed and the change record https://www.drupal.org/node/2822514 → affect this issue, 🐛 CSRF check always fails for users without a session Needs work ?
Leaving as needs work.
- 🇳🇱Netherlands Ruuds
I've implemented the suggestion of @larowlan and also added a test for it. If the private stream wrapper is not available a warning is shown it is advised to store file uploads for contact forms as private files.