CSRF Protection with X-Flow-CsrfToken Header doesn't work
If the CSRF Token is submited as X-Flow-CsrfToken Request Header, the token validation fails, even if the correct token is submited.
The CsrfProtection RequestPattern tries to get the X-Flow-CsrfToken Header in order to validate the request (around line 108 in TYPO3\Flow\Security\RequestPattern\CsrfProtection).
The header is transformed from X-Flow-CsrfToken to HTTP-X-FLOW-CSRFTOKEN through PHP and afterwards in TYPO3\Flow\Http around line 72 to X-Flow-Csrftoken (lower t in Token).
A solution could be to name the header X-Flow-Csrf-Token.
Affected Version is 2.1.0 (not available to choose)