I think egg might know what the 'cross-site forgery' is - came up in another thread - basically it means that the xara site considers your browser to be infected with a kind of malware.... I think:

"Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user’s Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated."

https://www.owasp.org/index.php/Cros...on_Cheat_Sheet