Hi All,
Just to elaborate/extend the topic of CSRF in this context, you could also do a HTTP HEAD request using Fetch for the X-CSRF-Token without having to do a GET. If your primary purpose is to get the CSRF token, to essentially authorize the subsequent POST request, it may sometimes be a waste/unnecessary to do a GET just to retrieve the token.