Managed to solve this with the tip from this post
https://community.zammad.org/t/user-login-csrf-token-verification-failed-requestheader-fix-does-not-work/3931