Hi,
there seem to be a lot of issues with the token validation of CSM data. We ran into some (posted a month ago) due to internal rewriting and I read about issues with HTTPS to HTTP translation done on TMG servers.
Please consider a way to disable this token validation (per override) or customisation of the matching rules (perhaps with an override that uses regular expressions).
Thanks,
Peter