take a look.
This CSRF problem has been haunting you from the very beginning, but you are not getting to the bottom of the problem.
This error occurs when a user has not closed his tab after logging off or something else.
replace $scheme by https is not a panacea. which is written e.g. here or in the documentation.
https://zammad.panic.at/help/de-de/56-zammad/182-was-tun-bei-csrf-token-verification-failed
You have to build a mechanism in your application to avoid this error.
Best wishes
Beste Grüße