public/dev-admin.html:128:            'X-CSRF-Token': session.csrf ?? '',
src/Interfaces/Http/Middleware/CsrfMiddleware.php:19:                return Response::json(['error' => 'CSRF_SESSION_REQUIRED', 'message' => 'Session requise pour valider la requête.'], 401);
src/Interfaces/Http/Middleware/CsrfMiddleware.php:30:                return Response::json(['error' => 'CSRF_TOKEN_INVALID', 'message' => 'Jeton CSRF invalide ou manquant.'], 403);
public/assets/packages/services/commandBus.js:23:          'X-CSRF-Token': token,
public/assets/packages/services/boards.js:18:  if (csrf) headers['X-CSRF-Token'] = csrf;
public/assets/packages/services/boards.js:51:      'X-CSRF-Token': csrf,
public/assets/packages/services/http.js:44:    const hasHeaderCsrf = typeof headers['X-CSRF-Token'] === 'string' || typeof headers['x-csrf-token'] === 'string';
public/assets/packages/services/http.js:46:      headers['X-CSRF-Token'] = token;
public/assets/packages/services/http.js:51:    try { debugLog('HTTP send', { url, method, hasCsrf: hasHeaderCsrf ? true : !!token, csrfLen: (hasHeaderCsrf ? String(headers['X-CSRF-Token'] ?? headers['x-csrf-token']).length : (token || '').length) }); } catch (_) {}
public/assets/packages/services/http.js:81:        const retryHeaders = { ...headers, 'X-CSRF-Token': fresh };
public/assets/apps/auth/main.js:81:    case 'CSRF_TOKEN_INVALID':
