chores: Update CHANGELOG and fix typo

Author: KShivendu

CHANGELOG.md

@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [unreleased]
 
 
+## Fixes
+
+- Anti csrf check should happen only when access token is passed while session is optional
+
 ## [0.14.6] - 2023-06-22
 
 ### Changes and fixes

tests/test_session.py

@@ -719,7 +719,7 @@ async def test_that_verify_session_doesnt_always_call_core():
     assert session3.refresh_token is not None
 
     assert (
-        AllowedProcessStates.CALLING_SERVICE_IN_VERIFYG
+        AllowedProcessStates.CALLING_SERVICE_IN_VERIFY
         not in ProcessState.get_instance().history
     )
 
@@ -741,11 +741,13 @@ async def test_that_verify_session_doesnt_always_call_core():
 async def test_anti_csrf_header_via_custom_header_check_happens_only_when_access_token_is_provided(
     driver_config_client: TestClient,
 ):
-    args = get_st_init_args([session.init(anti_csrf="VIA_CUSTOM_HEADER", get_token_transfer_method=lambda *_: "cookie")])  # type: ignore
+    args = get_st_init_args([session.init(anti_csrf="VIA_CUSTOM_HEADER", get_token_transfer_method=lambda *_: "cookie")]) # type: ignore
     init(**args)  # type: ignore
     start_st()
 
-    response = driver_config_client.post("/create")
+    response = driver_config_client.post(
+        "/create"
+    )
     assert response.status_code == 200
 
     # With access token:
@@ -755,8 +757,7 @@ async def test_anti_csrf_header_via_custom_header_check_happens_only_when_access
     assert response.json() == {"message": "try refresh token"}
 
     # with RID:
-    response = driver_config_client.post(
-        "/sessioninfo-optional",
+    response = driver_config_client.post("/sessioninfo-optional",
         headers={
             "rid": "session",
         },