DSitC It looks like your issue is caused in the change in Flarum core to address https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6
Now all API endpoints require the use of the CSRF token, or the use of an API token.
Maybe we should allow the login endpoint without either of those, if so please let us know, we might consider opening an issue to get this corrected in a future Flarum release.
From what kind of setup or app are you hitting the login endpoint ? If you are querying from a local or server-side script and you are the owner of the forum, you can use a master API token to authorize yourself to perform that request. If your script only deals with administrative tasks you might want to use the master token directly for all requests.
Creating a Flarum master token is described here for instance https://discuss.flarum.org/d/1925-flagrow-generic-php-api-client-for-flarum-installations (I couldn't find any official guide from ourselves 🤔 )
If you are not the owner of the forum you want to create a token for, there's no other way than getting a CSRF token, which might be a very tricky situation from command line.
