A really minor point, but I'm not sure that CSRF exception should really show up in the PHP error logs. I mean, they are somewhat expected and not really a fatal error:
[14-Jun-2015 11:43:46 Australia/Sydney] [2015-06-14 11:43:46] EXCEPTION: (AphrontCSRFException) You are trying to save some data to Phabricator, but the request your browser made included an incorrect token. Reload the page and try again. You may need to clear your cookies. This was an Ajax request. This request had an invalid CSRF token. at [<phabricator>/src/aphront/AphrontRequest.php:276] [14-Jun-2015 11:43:46 Australia/Sydney] arcanist(head=master, ref.master=7d15b85a1bc0), phabricator(head=master, ref.master=5397779ee248, custom=1), phlab(head=master, ref.master=36469f5efae6), phutil(head=master, ref.master=92882eb9404d) [14-Jun-2015 11:43:46 Australia/Sydney] #0 <#2> AphrontRequest::validateCSRF() called at [<phabricator>/src/aphront/AphrontRequest.php:296] [14-Jun-2015 11:43:46 Australia/Sydney] #1 <#2> AphrontRequest::isFormPost() called at [<phabricator>/src/applications/files/controller/PhabricatorFileCommentController.php:15] [14-Jun-2015 11:43:46 Australia/Sydney] #2 <#2> PhabricatorFileCommentController::processRequest() called at [<phabricator>/src/aphront/AphrontController.php:33] [14-Jun-2015 11:43:46 Australia/Sydney] #3 <#2> AphrontController::handleRequest(AphrontRequest) called at [<phabricator>/src/aphront/configuration/AphrontApplicationConfiguration.php:226] [14-Jun-2015 11:43:46 Australia/Sydney] #4 phlog(AphrontCSRFException) called at [<phabricator>/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php:71] [14-Jun-2015 11:43:46 Australia/Sydney] #5 AphrontDefaultApplicationConfiguration::handleException(AphrontCSRFException) called at [<phabricator>/src/aphront/configuration/AphrontApplicationConfiguration.php:230] [14-Jun-2015 11:43:46 Australia/Sydney] #6 AphrontApplicationConfiguration::processRequest(AphrontRequest, PhutilDeferredLog, AphrontPHPHTTPSink, MultimeterControl) called at [<phabricator>/src/aphront/configuration/AphrontApplicationConfiguration.php:140] [14-Jun-2015 11:43:46 Australia/Sydney] #7 AphrontApplicationConfiguration::runHTTPRequest(AphrontPHPHTTPSink) called at [<phabricator>/webroot/index.php:21]