Some requests don't work due missing of the X-CSRF-TOKEN header.

E. g. .../swagger/index.html#/Builds/create-workspace-build.

The 400 response contains the message

Something is wrong with your CSRF token. Please refresh the page. If this error persists, try clearing your cookies.

Neither a page refresh nor clearing the cookies solves the problem.

An curl command of the exact same request, but including the X-CSRF-TOKEN header with the content of the csrf_token cookie works as expected.