just tested it and actually didn't work for me. Instead seeing above error in chrome.
<form action=""> URL in a new window totally ignoring the hidden
nonce input field etc.
That's why previously the
nonce was before added in the redirect URL and caused the CSRF problem.
To fix it, we need to add the nonce to the form
action url in https://github.com/matomo-org/matomo/blob/3.10.0-b1/plugins/CoreAdminHome/OptOutManager.php#L195-L200 . It should be totally fine to send the nonce through GET parameter.