hmm. If the fetch interceptor provided by us is getting applied as expected, all requests to your app's APIs should have

rid: "anti-csrf"

in it.