Unit and integration tests should be written to make sure that the functionalities still work as expected. It would limit the possible regression issues caused by new development/refactorings, especially since there are several possible configuration permutations.

Detailed manual testing scenarios, executions flows would be very helpful as well because it could also act as a documentation/functional requirements.

Related commits:

• OWASP/www-project-csrfguard@23e586a
• OWASP/www-project-csrfguard@1c3bb46
• OWASP/www-project-csrfguard@18ab5cc
• OWASP/www-project-csrfguard@c787303

The issue has been transferred to the official location at: OWASP/www-project-csrfguard#24