diff --git a/src/Common/CsrfCounterMeasure.php b/src/Common/CsrfCounterMeasure.php
index ae2dace23..9082b5350 100644
--- a/src/Common/CsrfCounterMeasure.php
+++ b/src/Common/CsrfCounterMeasure.php
@@ -26,6 +26,12 @@ protected function createCsrfCounterMeasure($uniqueId)
 'ignore' => true,
 'required' => true,
 'validators' => ['Callback' => function ($token) use ($uniqueId, $hashAlgo) {
+ switch ($_SERVER['HTTP_SEC_FETCH_SITE'] ?? '') {
+ case 'same-origin': // same scheme, host and port
+ case 'none': // a user-originated operation
+ return true;
+ }
+
 if (empty($token) || strpos($token, '|') === false) {
 throw new Error('Invalid CSRF token provided');
 }
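Review bot: The early `return true` on `Sec-Fetch-Site` skips the entire token validation that follows, yet the hunk carries no comment on why trusting this request header is sound, so a later maintainer may either treat `$_SERVER['HTTP_SEC_FETCH_SITE']` as just another client-controlled value and drop the shortcut, or add `same-site` to the list, which would admit requests from sibling subdomains. Suggest a comment above the switch along the lines of `// Sec-Fetch-Site is a forbidden header name: the browser sets it and page scripts cannot forge it, so 'same-origin' and user-initiated ('none') requests cannot be cross-site forgeries; every other value, including 'same-site' and absent (older browsers, non-browser clients), still goes through the token check.` Note that `'required' => true` on the element is unchanged, so a same-origin request still has to carry the field even though its value is no longer inspected; if that is intended, the comment should say so. As a point of style, the fall-through switch reads more directly as `if (in_array($_SERVER['HTTP_SEC_FETCH_SITE'] ?? '', ['same-origin', 'none'], true)) { return true; }`. The enclosing createCsrfCounterMeasure() and the Callback closure both continue outside the hunk.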