Jyou definitely want one, dunno if that's going to be handled automatically
Jgiven that the POINT of a CSRF token is to prove to the server that a request is coming from a browser instance that is executing your JavaScript code, and not just a hyperlink someone clicked in an e-mail, I'm inclined to assume the answer is "no, it's not included automatically"
Jshould be easy enough to check
PIn earlier versions of .net you used to put @CSrf inside the form. But visual studio doesn't give me the hint to put it in. So i'm dubble checking
Jrun it and see
