Forbidden - CSRF token invalid #172

Open
1 task done
kek-wait-w opened this issue Nov 6, 2023 · 0 comments

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

I want to pass a token in headers but when I send a request my token is always null.

This is how I connect csrf in main

```go
	csrfMiddleware := csrf.Protect([]byte("qwnbjb13jbhb12j3bjbbj"))
	mainRouter.Use(csrfMiddleware)

	serverPort := ":" + os.Getenv("SERVER_PORT")
	logs.Logger.Info("starting server at ", serverPort)

	err = http.ListenAndServe(serverPort, mainRouter)
	if err != nil {
		logs.LogFatal(logs.Logger, "main", "main", err, "Failed to start server")
	}
	logs.Logger.Info("server stopped")
}
```

Here I try to write in header

```go
func NewAuthHandler(authMwRouter *mux.Router, mainRouter *mux.Router, u domain.AuthUsecase) {
	handler := &AuthHandler{
		AuthUsecase: u,
	}

	mainRouter.HandleFunc("/api/v1/auth/#", handler.Login).Methods(http.MethodPost, http.MethodOptions)
	mainRouter.HandleFunc("/api/v1/auth/register", handler.Register).Methods(http.MethodPost, http.MethodOptions)
}

func (a *AuthHandler) Register(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("X-CSRF-Token", csrf.Token(r))
```

And when I send a request, I always get 403
```
URL: http://localhost:8080/api/v1/auth/register
Method: POST
Status code: 403 Forbidden ( service worker)
URL : strict-origin-when-cross-origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST,OPTIONS
Access-Control-Allow-Origin: http://localhost
Content-Length: 31
Content-Type: text/plain; charset=utf-8
Date: Mon, 06 Nov 2023 11:27:57 GMT
X-Content-Type-Options: nosniff
Content-Type: application/json;charset=utf-8
Referer: http://localhost/
Sec-Ch-Ua: "Chromium";v="118", "Google Chrome";v="118", "Not=A?Brand";v="99"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "macOS"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
X-Csrf-Token: null
```

Expected Behavior

No response

Steps To Reproduce

No response

Anything else?

No response
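
Added example, not code from the issue or from the csrf package it uses: a standard-library stand-in showing the request order behind the 403 above, where a token set inside the POST handler never reaches the client because the middleware rejects the POST first. It assumes the middleware validates unsafe methods before calling the handler; `protect`, the `csrf` cookie name and the `/api/v1/csrf` route are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// protect is a simplified double-submit stand-in for csrf.Protect, not that package's code.
func protect(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodGet || r.Method == http.MethodHead || r.Method == http.MethodOptions {
			buf := make([]byte, 32)
			rand.Read(buf)
			tok := fmt.Sprintf("%x", buf)
			http.SetCookie(w, &http.Cookie{Name: "csrf", Value: tok, HttpOnly: true})
			w.Header().Set("X-CSRF-Token", tok) // safe request: hand the client a token
		} else if c, err := r.Cookie("csrf"); err != nil || c.Value == "" ||
			subtle.ConstantTimeCompare([]byte(c.Value), []byte(r.Header.Get("X-CSRF-Token"))) != 1 {
			http.Error(w, "Forbidden - CSRF token invalid", http.StatusForbidden)
			return // unsafe request without a valid token: next never runs
		}
		next.ServeHTTP(w, r)
	})
}

// flow replays the report's POST (header "null"), then fetches a token with GET and POSTs it back.
func flow() (first, second, registerRuns int) {
	mux := http.NewServeMux()
	mux.HandleFunc("/api/v1/auth/register", func(w http.ResponseWriter, r *http.Request) { registerRuns++ })
	mux.HandleFunc("/api/v1/csrf", func(w http.ResponseWriter, r *http.Request) {}) // hypothetical token route
	send := func(method, path, tok string, cookies ...*http.Cookie) *httptest.ResponseRecorder {
		req := httptest.NewRequest(method, path, nil)
		req.Header.Set("X-CSRF-Token", tok)
		for _, c := range cookies {
			req.AddCookie(c)
		}
		rec := httptest.NewRecorder()
		protect(mux).ServeHTTP(rec, req)
		return rec
	}
	first = send(http.MethodPost, "/api/v1/auth/register", "null").Code
	issued := send(http.MethodGet, "/api/v1/csrf", "")
	second = send(http.MethodPost, "/api/v1/auth/register", issued.Header().Get("X-CSRF-Token"), issued.Result().Cookies()...).Code
	return
}

func main() { fmt.Println(flow()) } // prints: 403 200 1
```

When the page's origin differs from the API's (here `http://localhost` and `http://localhost:8080`), browser JavaScript can read `X-CSRF-Token` from the GET response only if the server lists it in `Access-Control-Expose-Headers`.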
