Stripe one-off failing - csrf token not set
On main branch HEAD, stripe one-off payments fail with 'Bad request'. Turns out this is being failed by the firewall extension because the CSRF token is not set. I haven't dug in enough to be clear how it is intended to be working. Should the CSRF token be set by that point, and if so where?