LiveView CSRF token can be removed or modified without any effects

Hey! It seems that I can modify or completely remove the csrf token when working in LiveView without it affecting anything. How and where is it being verified? I’m a bit stuck with this issue and don’t know how to move forward. The application is pretty much just a clean Phoenix project with generated LiveViews.

Thank you!

The CRSF token is only used when establishing the socket connection, not on each socket message.