Skip CSRF protection on Workhorse internal API
Out of necessity, we skip CSRF protection on Workhorse /authorize pre-authorization subrequests. This is because the CSRF token often cannot be propagated to the subrequest. When we added the new /api/v4/internal/workhorse/authorize_upload endpoint, we forgot to disable CSRF protection on it. This MR fixes that.
While we are here, we also improve Workhorse logging of failed internal API calls.
Edited by Jacob Vosmaer