When using a Twig layout for legacy modules (frontend only, backend is fine as using legacy_mode), ezxFormToken::output() cannot add meta tags containing the CSRF token, as when it is triggered by legacy kernel, the layout has not been rendered yet. This makes legacy JS unable to use this token when doing POST requests, triggering exceptions.

Example with eZIE

After opening eZIE in the frontend (SF stack), closing the window with either 'save and close' or 'quit' will result in an error being shown.

The response includes an exception "Missing form token from Request"