fix the CSRF attack by providing the client with a token that will be saved on local storage in addition to the jwt.
fix the CSRF attack by providing the client with a token that will be saved on local storage in addition to the jwt.