my final opinion make sure your env cookie are set well this include domain pass and also not forget session set not cookie
check here how do you do???
Code:
cookie.prefix = ''
cookie.expires = 300 //for testing!!!
cookie.path = '/'
cookie.domain = 'your domain.com'
cookie.secure = true
cookie.httponly = false
cookie.samesite = 'Lax'
cookie.raw = false
and here
Code:
security.csrfProtection = 'session'
security.tokenRandomize = true
security.tokenName = 'csrf_token_name'
security.headerName = 'X-CSRF-TOKEN'
security.cookieName = 'csrf_cookie_name'
security.expires = 7200
security.regenerate = true
security.redirect = true
security.samesite = 'Lax'
as I firstly said make sure first you turn off csrf to off this will help you to trace the issue caused, because your issue looks like based on only CSRF and if you use content policy try to comment #!!!
CI 4+ as i told has strong CSRF any minor mistake expect to have this (The action you requested is not allowed) especially on session and cookies whatsoever
Codeigniter First, Codeigniter Then You!!
yekrinaDigitals