Google auth broken (csfr_detected error)

We are using the default Google auth plugin, and are now getting csfr_detected on our forum. Users & admins cannot currently log in, getting “Authorization timed out, or you have switched browsers. Please try again.”

The only change made before auth breaking was changing the “max new accounts per registration ip” from 3 to 50 – I don’t see how that would have caused the issue though.

Any ideas? We’re stumped.

Still an issue? Have you recently updated? (If not, you probably should.)