In my case the token is missing. The linked github issue is about an invalid one. It’s a different problem. The browser dev tools showed “Cookie “_csrf” has been rejected because a non-HTTPS cookie can’t be set as “secure”” and indeed my UI interface was not on a secure server.
The solution was to install version 2.13.0 (Release v2.13.0 · temporalio/ui-server · GitHub) which exposes environment to set insecure cookies (TEMPORAL_CSRF_COOKIE_INSECURE=true)