In #2463567: Push CSRF tokens for forms to placeholders + #lazy_builder → , we've found that there were GET forms with CSRF tokens.
A CSRF token is only useful when changing data, and changing state during a GET request is something that the HTTP spec says SHOULD NOT be done. ( #2502785: Remove support for $form_state->setCached() for GET requests → )
Make sure that GET forms never have CSRF tokens by setting $form['#token'] = FALSE; in the form builder.
Fixed
8.0 ⚰️
forms system
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.