I figured out the issue with csrf. I had to set the config url to be that of my client app instead of the nodebb instance.
Using this I'm able to request the csrf token from the config endpoint and use that in subsequent requests.
So I finally got around to upgrading my forum for v1.4.5 to v1.5.1. I followed the steps in the documentation for upgrading (https://docs.nodebb.org/configuring/upgrade/) but when I started my forum back up, it wouldn't let me log in!
Instead, I'm taken to a page that simply says "Forbidden" while my console log says "error: /login invalid csrf token". Anyone ever experienced this? I know others had seen similar issues with an older version but was never able to find if there was a definitive solution.
Any help or suggestions is greatly appreciated!