'REMEMBER_COOKIE_HTTPONLY' causes "The CSRF tokens do not match" on mobile Firefox #521

Open
@Lvl4Sword

I've noticed that when enabling 'REMEMBER_COOKIE_HTTPONLY' within the config dict, it causes "The CSRF tokens do not match" in a POST request specifically for mobile Firefox. Non-mobile works just fine, as does Chromium. Those appear to also be affected.

  1. Set 'REMEMBER_COOKIE_HTTPONLY' within the config dict
  2. Go to a page that has a CSRF token and do a POST request
  3. It fails with "The CSRF tokens do not match"

The POST request should complete just fine.

Environment:

  • Python version: 3.8.10
  • Flask-WTF version: 1.0.1
  • Flask version: 2.1.2
