hello

Direct access without x-xsrf-token header /api/hello

Check devtools for see request payload

In case you want render csrf token to html page 

CSRF TOKEN: mGhKdrtw-XXWxqs2BMX8giJhbd08K74v2mxI