update wsapi to return a body of 'Bad Request: no cookie' when a CSRF check fails because no cookie was sent from the client - issue #835, issue #1056