diff --git a/web.php b/web.php
index 055d76a..a9cb13e 100644
--- a/web.php
+++ b/web.php
@@ -106,7 +106,7 @@ if (!Container::$request->session()->has('anti_csrf_token')) {
 $appConfig = [
     'antiCsrfTokenName' => 'anti_csrf_token',
     'antiCsrfTokenErrorResponse' => ['error' => 'no_valid_anti_csrf_token'],
-    'antiCsrfTokenExceptions' => ['oauth/token'],
+    'antiCsrfTokenExceptions' => ['/oauth/token'],
     'loginRouteId' => 'login',
     'error404View' => 'error/404'
 ];