Fix and unify CSRF support across web and API endpoints.

templates/oauthorize.html

@@ -54,13 +54,13 @@
         <input type="hidden" name="client_id" value="{{ client_id }}">
         <input type="hidden" name="redirect_uri" value="{{ redirect_uri }}">
         <input type="hidden" name="scope" value="{{ scope }}">
-        <input type="hidden" name="csrf" value="{{ csrf_token_val }}">
+        <input type="hidden" name="_csrf_token" value="{{ csrf_token_val }}">
         <button type="submit" class="btn btn-success">Authorize Application</button>
       </form><form method="post" action="/oauth/denyapp">
         <input type="hidden" name="client_id" value="{{ client_id }}">
         <input type="hidden" name="redirect_uri" value="{{ redirect_uri }}">
         <input type="hidden" name="scope" value="{{ scope }}">
-        <input type="hidden" name="csrf" value="{{ csrf_token_val }}">
+        <input type="hidden" name="_csrf_token" value="{{ csrf_token_val }}">
         <button type="submit" class="btn btn-default">Cancel</button>
       </form>
     </div>