Description
Describe the bug
After upgrading from version 4.4.0-jakarta to 4.5.0-jakarta of the org.owasp:csrfguard library, we suddenly encountered an error 400 dialog in our web application:
The actual error read:
This endpoint should not be invoked if the Token-Per-Page functionality is disabled!
It is caused by the JavaScript invoking an XHR POST request.
Our settings include:
org.owasp.csrfguard.TokenPerPage = false
In the non-minified version of the JS (csrfguard.js), this block (line 730ff) is not executed with our settings:
```javascript
if ('%TOKENS_PER_PAGE%') {
    let pageTokenRequestCallback = function (receivedPageTokens) {
        pageTokenWrapper.pageTokens = receivedPageTokens;
        pageTokenWrapper.pageTokensLoaded = true;

        if (isLoadedWrapper.isDomContentLoaded) {
            injectTokens(tokenName, masterTokenValue, receivedPageTokens);
        }
    };

    requestPageTokens(tokenName, masterTokenValue, pageTokenRequestCallback);
} else {
```
It appears as if in the minified version csrfguard.min.js this somehow gets executed, as the requestPageTokens method (which performs this XHR POST request) is called.
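The condition in the block quoted above is a quoted placeholder, `'%TOKENS_PER_PAGE%'`, that the servlet is expected to rewrite before the script reaches the browser. The following is an added illustration, not code from csrfguard, of why such a condition is sensitive to what happens to it before substitution: a non-empty string literal (the unreplaced placeholder, or even the string `'false'`) is truthy in JavaScript, and a build step that constant-folds a string-literal condition would keep only the first branch. The `substitute` function and the `foldStringCondition` transform are assumptions constructed for the demonstration; they are not claims about the project's servlet or its build.

```javascript
// Added illustration (not csrfguard code). The template line mirrors the shape of the
// quoted block; the branch markers are constructed so the result can be inspected.
const TEMPLATE_LINE =
  "if ('%TOKENS_PER_PAGE%') { branch = 'page-tokens'; } else { branch = 'master-token-only'; }";

// Hypothetical server-side substitution: the quoted placeholder is replaced by a bare
// boolean literal, so the browser sees `if (true)` or `if (false)`.
function substitute(template, tokenPerPage) {
  return template.replace("'%TOKENS_PER_PAGE%'", String(Boolean(tokenPerPage)));
}

// Evaluate which branch a given piece of source takes. Function() is used only on
// source constructed inside this file; it is a test harness, not a general evaluator.
function branchTaken(source) {
  return new Function("let branch; " + source + " return branch;")();
}

// Simulated constant folding (assumption about how a minifier might treat a string-literal
// condition): a non-empty string is always truthy, so the `if` and the `else` branch are
// dropped and only the body of the first branch survives. After this transform the
// placeholder is gone, and any later substitution has nothing left to rewrite.
function foldStringCondition(template) {
  return template.replace(
    /if \('%TOKENS_PER_PAGE%'\) \{([^}]*)\} else \{[^}]*\}/,
    "$1"
  );
}

// Convenience: what branch does the browser take for a given setting, with and without
// the folding step applied before substitution?
function branchFor(tokenPerPage, foldFirst) {
  const source = foldFirst ? foldStringCondition(TEMPLATE_LINE) : TEMPLATE_LINE;
  return branchTaken(substitute(source, tokenPerPage));
}

// Plain JavaScript truthiness of a string literal used as a condition.
function stringLiteralIsTruthy(literal) {
  return branchTaken("if (" + JSON.stringify(literal) + ") { branch = true; } else { branch = false; }");
}
```

With `TokenPerPage = false`, substitution before any folding yields `master-token-only`; if the condition is folded while the placeholder is still a string literal, the same setting yields `page-tokens`, which is the observable symptom the issue describes (the page-token request being made although the feature is off). `stringLiteralIsTruthy('false')` returning `true` is the reason the placeholder must be replaced by a bare boolean, not by a quoted one.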
If we switch back to the non-minified version with this setting, it works again as expected (that is, without error dialog):
org.owasp.csrfguard.JavascriptServlet.sourceFile = META-INF/csrfguard.js
It would be cool if we could use the minified version. Would you like to have a look at the minification process/settings?