diff --git a/Contestation/Demandereconnaissancefaciale.php b/Contestation/Demandereconnaissancefaciale.php
index 900a2cc..29a5a1d 100755
--- a/Contestation/Demandereconnaissancefaciale.php
+++ b/Contestation/Demandereconnaissancefaciale.php
@@ -509,7 +509,7 @@
- +
diff --git a/Contestation/verify_facial_api.php b/Contestation/verify_facial_api.php
index c43d281..955ef42 100644
--- a/Contestation/verify_facial_api.php
+++ b/Contestation/verify_facial_api.php
@@ -234,13 +234,20 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 $input = json_decode(file_get_contents('php://input'), true);
 $csrf_token = $input['csrf_token'] ?? null;
-
- var_dump(
- array(
- "csrf_token" => $csrf_token,
- )
- );
+ if (!isset($csrf_token)) {
+ echo json_encode(['success' => false, 'message' => 'Mauvaise session! Absence']);
+ exit;
+ }
+
+ if (!Csrf::validateToken($csrf_token)) {
+ echo json_encode(['success' => false, 'message' => 'Mauvaise session! No much']);
+ exit;
+ }
+
+ echo json_encode(['success' => false, 'message' => 'On peut maintenant continuer']);
+ exit;
+
 $action = $input['action'] ?? null;
 $api = new FacialVerificationAPI();
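Review bot: The unconditional `echo json_encode([... 'On peut maintenant continuer']); exit;` added after the two checks makes `$action = $input['action'] ?? null;` and everything below it unreachable, so a POST with a valid token still gets `'success' => false` and the API never runs; it reads like a stand-in for the removed `var_dump` and should be dropped before merge. The absence check `!isset($csrf_token)` only rejects null, so a JSON array or number still reaches `Csrf::validateToken()`; `if (!is_string($csrf_token) || $csrf_token === '')` is stricter. Both rejection branches answer with HTTP 200 as far as the hunk shows, so adding `http_response_code(403);` before each `echo` would let clients and log monitoring distinguish failed CSRF checks. Whether `Csrf::validateToken()` compares tokens in constant time (for example with `hash_equals`) is not visible here and is worth confirming. The enclosing `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block starts and ends outside the hunk.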