I'm aware of other issues and know this is solved by sending referer header, I disabled this myself because i didn't want to website tracks my last location. But I'm consider now what's related between CSRF verification and my last location?
ps. I thought it might be needed for OpenID verification, but I don't use it. I use the old way, simple username and password.