hello

Direct access without x-xsrf-token header /api/hello

Check devtools for see request payload

In case you want render csrf token to html page 

CSRF TOKEN: cLEUw3n8-qdZPJGaMLrOmJJBxk3pTHJTcUgk