diff --git a/app/controllers/welcome.js b/app/controllers/welcome.js
index 28dcae1..455a137 100644
--- a/app/controllers/welcome.js
+++ b/app/controllers/welcome.js
@@ -69,7 +69,7 @@ class WelcomeController extends SiteController {
       csrfToken: csrfTokenService,
       logan: loganService,
     } = this.dtp.services;
-    req.csrfToken = await csrfTokenService.create(req, {
+    res.locals.csrfToken = await csrfTokenService.create(req, {
       name: 'user-create',
       expiresMinutes: 20,
     });
diff --git a/app/views/welcome/signup.pug b/app/views/welcome/signup.pug
index 04d7b60..3876d6e 100644
--- a/app/views/welcome/signup.pug
+++ b/app/views/welcome/signup.pug
@@ -4,6 +4,7 @@ block content
   section.uk-section.uk-section-default.uk-section-xsmall
     .uk-container.uk-container-small
       form(method="POST", action="/user").uk-form
+        input(type="hidden", name= csrfToken.name, value= csrfToken.token)
         .uk-card.uk-card-default.uk-card-small.uk-width-xlarge.uk-margin-auto.uk-border-rounded
           .uk-card-header
             h1.uk-card-title Create New Account