We are in the process of turning on CSRF mitigation using the following DSS settings: security/csrf/mitigation = true , security/csrf/secureall = true

When reviewing the application html source, it looks like the CSRF token is not being populated. Here is a snippet of html code from the application:

"pega.d" : { "pyUID": "gdamore", "csrfToken": "",