Yeah, so far things seem to be making it less common but not fully resolved.
For those that care, the XSRF token is Angular’s (used in the Duplicati web interface) implementation of the Cross-Site Request Forgery (CSRF) security feature described here:
https://stormpath.com/blog/angular-xsrf
So what’s going on is that somehow the Duplicati server isn’t getting the XSRF token and thinks the request from the web UI is fake so doesn’t give the UI whatever data was requested (often seen as empty select lists).
It’s strictly a communications issue between the Duplicati web UI and the Duplicati server (service / backend or tray-icon), in no way is it an issue with backups.