3 files changed, 15 insertions, 6 deletions

diff --git a/auth.go b/auth.go
index 2027827..c503da4 100644
--- a/auth.go
+++ b/auth.go
@@ -119,9 +119,9 @@ func loginPage() http.HandlerFunc {
 		if session(r).Authenticated {
 			http.Redirect(w, r, "/", http.StatusFound)
 		}
-		showLoginPage(w, User{
-			Csrf: CsrfField(r),
-		})
+		u := User{}
+		u.SetCsrfField(r)
+		showLoginPage(w, u)
 	}
 }
 
diff --git a/csrf.go b/csrf.go
index 962a2a0..4539825 100644
--- a/csrf.go
+++ b/csrf.go
@@ -19,9 +19,13 @@ func csrfHandler(next http.Handler) http.Handler {
 // Csrf handles the CSRF data for a form.
 // Include it verbatim and then use `{{.CsrfField}}` in templates.
 type Csrf struct {
-	CsrfField template.HTML `form:"-"`
+	CsrfField template.HTML `form:"-" schema:"-"`
 }
 
-func CsrfField(r *http.Request) Csrf {
-	return Csrf{CsrfField: csrf.TemplateField(r)}
+func (c *Csrf) SetCsrfField(r *http.Request) {
+	c.CsrfField = csrf.TemplateField(r)
+}
+
+type WithCsrf interface {
+	SetCsrfField(r *http.Request)
 }
diff --git a/form.go b/form.go
index c5dffa0..db0d097 100644
--- a/form.go
+++ b/form.go
@@ -12,6 +12,7 @@ var schemaDecoder *schema.Decoder
 
 func init() {
 	schemaDecoder = schema.NewDecoder()
+	schemaDecoder.IgnoreUnknownKeys(true)
 }
 
 type fieldError struct {
@@ -34,4 +35,8 @@ func parseForm[T any](r *http.Request, data *T) {
 	if err := schemaDecoder.Decode(data, r.PostForm); err != nil {
 		log.Panic("Decoding form: ", err)
 	}
+
+	if withCsrf, ok := any(data).(WithCsrf); ok {
+		withCsrf.SetCsrfField(r)
+	}
 }