Access Denied + Cloudflare?

We are experiencing the same issue. Thanks matthensley for shedding light on the matter, would have been a long day!

Is it browser-agnostic? We have the same, but only on Chrome, Firefox works fine

The error seems to be in Chrome, as Dimitris says.

The error in our log looks like:

Type: 	access denied

Path: /user/{user}/masquerade?token={token}. Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: 'csrf_token' URL query argument is invalid. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 115 of /.../web/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

We hare experiencing this issue. It was first reported on the 4th October and thought CloudFlare could be a possible cause as no changes have been made in the last 2-3 weeks.

It does also seem to be an issue in Chrome.

Also experiencing this issue on a number of sites. Chrome + CF = Log out immediately after switching to another user. FireFox + CF = Expected result.

Can confirm also experiencing this issue on a site when using Chrome + CF.
But works fine for the same site with Firefox + CF.

Having the same issue

Same here.
Other then Firefox, also Safari works as well.

I did spot in the console that when you land on the masquerade switch route, /user/{user}/masquerade, the page returns a 503.

It's looks like in google chrome links clicked twice now.
Noticed that in different place, but in firefox also everything fine.

I observed today that masquerade is working as expected on Chrome behind CF for two different sites. Anyone else seeing that it works again?

@jeremyr, same here. Talk about an big WTF....

Yep, confirmed here as well. This all has to be CF changes I'd guess? It's a little unclear how often Chrome updates as they happen in background...

I've seen something similar ... there was a problem and then it dissappeared.