If you need to use a raster PNG badge, change the '.svg' to '.png' in the link
Removes csrf check from callback status post
This protection is inappropriate for this scenario as this is
essentially an API call and not an in-app submission.
Also tweaks callback uri and fixes assumptions about incoming json.
relevant lines covered
hits per line