False CSRF protection warning

after upgrading from plone 4 to 5.08 i got the csrf exception below on some content (only if i logged in)
gruss juergen

File "/usr/local/Plone5/buildout-cache/eggs/zope.interface-3.6.7-py2.7-linux-x86_64.egg/zope/interface/adapter.py", line 585, in subscribers
File "/usr/local/Plone5/buildout-cache/eggs/plone.transformchain-1.2.0-py2.7.egg/plone/transformchain/zpublisher.py", line 85, in applyTransformOnSuccess
transformed = applyTransform(event.request)
File "/usr/local/Plone5/buildout-cache/eggs/plone.transformchain-1.2.0-py2.7.egg/plone/transformchain/zpublisher.py", line 74, in applyTransform
transformed = transformer(request, result, encoding)
File "/usr/local/Plone5/buildout-cache/eggs/plone.transformchain-1.2.0-py2.7.egg/plone/transformchain/transformer.py", line 49, in call
newResult = handler.transformIterable(result, encoding)
File "/usr/local/Plone5/buildout-cache/eggs/plone.protect-3.0.23-py2.7.egg/plone/protect/auto.py", line 182, in transformIterable
if not self.check():
File "/usr/local/Plone5/buildout-cache/eggs/plone.protect-3.0.23-py2.7.egg/plone/protect/auto.py", line 207, in check
return self._check()
File "/usr/local/Plone5/buildout-cache/eggs/plone.protect-3.0.23-py2.7.egg/plone/protect/auto.py", line 279, in _check
2018-03-05 14:06:28 INFO plone.protect None
aborting transaction due to no CSRF protection on url

CSRF protection does not make any sense for anonymous users, so obviously it's only done with logged-in users.

It's possible to disable CSRF totally by setting the env variable PLONE_CSRF_DISABLED to true or y but it's not a very attractive proposition unless you have a totally protected site. If there is only a few items you could try to set the variable before restarting Plone, edit the documents and resave them, maybe it could fix the data.
But I'd advise you to not use this trick for long, CSRF protection is here for a reason and it should be on.