hello

Direct access without x-xsrf-token header /api/hello

Check devtools for see request payload

In case you want render csrf token to html page 

CSRF TOKEN: S03QtFup-GX907YvD4V8CZo4PP-WpZO3LWxI