I checked on One more and it had a unique implementation. It will send out a request to api endpoint (on the consumer app) in addition to a This method of CSRF mitigation is also usually utilised with unauthenticated requests, like requests created prior to creating a session state, which https://fernandotycva.blogstival.com/59175025/custom-case-study-solution-no-further-a-mystery
