One more thing: Of course I implemented a fallback in case localStorage is not available or full. The CSRF-Token is stored as a cookie then. But this does not help, since the CSRF-Token is stored successfully (the script does even check this by reading the token from localStorage directly after writing it). Thus there is no fallback-cookie set.
You need to log in before you can comment on or make changes to this bug.