koajs / csrf

CSRF tokens for koa
MIT License
264 stars 32 forks

I always get "Invalid CSRF token" following the example #37

Closed jenkynolasco11 closed 7 years ago

jenkynolasco11 commented 7 years ago

I followed the example, and every time I make a POST request sending the CSRF token as in the example, I get this message: 'Invalid CSRF Token'

This is my code:

```js
// app.js
// Assumes `app` is a Koa instance, `session` is a session middleware, and
// `CSRF` is the class exported by koa-csrf (const CSRF = require('koa-csrf')).
// INVALIDSTATUSCODE is defined elsewhere in the original app.
app
    .use(session())
    // koa-csrf reads the token from ctx.request.body, so a body parser
    // must already have run before this middleware.
    .use(new CSRF({
      invalidSessionSecretMessage: 'Invalid session secret',
      invalidSessionSecretStatusCode: INVALIDSTATUSCODE,
      invalidTokenMessage: 'Invalid CSRF token',
      invalidTokenStatusCode: INVALIDSTATUSCODE,
      excludedMethods: [ 'GET', 'HEAD', 'OPTIONS' ],
      disableQuery: false
    }))
    // ... all other configurations (including the body parser) ...
```

```js
// routes.js
route.get('/login', ctx => {
    console.log(ctx.csrf)
    // Expose the per-session token to the template so the form can echo it back.
    ctx.state = { title : 'Login', login : true, csrf: ctx.csrf }
    ctx.render('login')
})
```

```pug
//- login.pug
//- `action` (not `submit`) is the form attribute that sets the target URL.
  form(action='/auth/login' method='post')
    label Username
      input(name='username' type='text' placeholder='JohnDoe2' required)
    label Password
      input(name='password' type='password' placeholder='********' required)
    if login
      a(href='/auth/signup') Or register here
    //- The token travels in the body under the `_csrf` field that koa-csrf looks for.
    input(name='_csrf' type='hidden' value=csrf)
    input(type='submit' value='Send')
```

Am I missing something important?

jenkynolasco11 commented 7 years ago

I am going to close this issue. After looking at the code of the module, I found out that it heavily relies on the bodyparser module, and I mounted the bodyparser after the csrf middleware. I'm closing this now.