In View source I have following code
<form action="http://localhost/working/codeigniter/index.php/test.html" method="post" accept-charset="utf-8">
<input type="hidden" name="csrf_test_name" value="e44f21e60b55e940f05626b3b7b01fcb" />
<input type="text" name="name" value="" />
<input type="submit" name="submit" value="Submit" />
</form>
But $data = $this->input->post(); is not giving me csrf_test_name value.
The CSRF token is removed from the post data by the security class.
Then it's all automatic: if the $config['csrf_protection'] is enabled, it's gonna be validated by the Input class and return an error if the token doesn't match.