CSRF value should be automatically injected when using a th:action

src/main/resources/templates/fragments.html

@@ -27,9 +27,7 @@
                     <a class="nav-link" th:href="${#mvc.url('MC#memberDetails').build()}">My Account</a>
                 </div>
                 <div class="d-flex" sec:authorize="isAuthenticated()">
-                    <form id="logoutForm" method="POST" th:action="@{/logout}">
-                        <input name="${_csrf.parameterName}" type="hidden" value="${_csrf.token}"/>
-                    </form>
+                    <form id="logoutForm" method="POST" th:action="@{/logout}"></form>
                     <span class="navbar-text" sec:authentication="name"></span>
                     <a class="nav-link" onclick="document.forms['logoutForm'].submit()" style="cursor: pointer"><i
                             class="bi bi-box-arrow-right me-1"></i>Logout</a>

src/main/resources/templates/landing.html

@@ -5,9 +5,7 @@
     <title>Booru</title>
 </head>
 <body>
-<form id="logoutForm" method="POST" th:action="@{/logout}" sec:authorize="isAuthenticated()">
-    <input name="${_csrf.parameterName}" type="hidden" value="${_csrf.token}"/>
-</form>
+<form id="logoutForm" method="POST" th:action="@{/logout}" sec:authorize="isAuthenticated()"></form>
 <div class="container-fluid">
     <div class="row">
         <div class="col">

src/main/resources/templates/login.html

@@ -28,8 +28,6 @@
                     </div>
                     <div class="mb-3">
                         <span class="has-error text-danger" th:text="${error}"></span>
-                        <input name="${_csrf.parameterName}" type="hidden" value="${_csrf.token}"/>
-
                         <div>
                             <button class="btn btn-lg btn-primary btn-block" type="submit">Log In</button>
                         </div>