In my Postmill-admin experience, a slight config issue caused occasional CSRF errors on actions like creating an account or making a post.
To bypass this, just click the Submit button again. That's all you need to do.
"But," you may wonder, "why not fix it?" Good question!
By luck, this CSRF error keeps the spambots down! It'd be trivial for the spambots to code around it, but they just don't. Plenty of spambots just get stuck on the first CSRF error they hit.