Yeah, they changed the header information of the API. Now it uses x-kh-session instead of xsrf and session.
I couldn't find x-kh-session in Application tab but you can find it in Network tab. Just choose a random link that has x-kh-session in "Request Headers" and copy it to the script.
Here is the updated script.