fix: CSRF token is required when using the Revoke Session API endpoint (

#839)

Closes #838

session/handler.go

@@ -50,6 +50,7 @@ const (
 
 func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic) {
  h.r.CSRFHandler().ExemptPath(RouteWhoami)
+ h.r.CSRFHandler().ExemptPath(RouteRevoke)
 
  for _, m := range []string{http.MethodGet, http.MethodHead, http.MethodPost, http.MethodPut, http.MethodPatch,
  http.MethodDelete, http.MethodConnect, http.MethodOptions, http.MethodTrace} {