Turn On CSRF Protection for My Forms

Add CSRF protection to my [Django / Rails / Laravel / Express] app and show me the form changes I need to make.

I want you to:
1. Confirm whether CSRF middleware is already enabled by default in my framework
2. Show me the exact line(s) I need to add to each HTML form to include the token
3. Explain what happens on submit when the token is missing or wrong (what status code, what error message)
4. Tell me how to test it: one request with the token (should succeed), one without (should get rejected)

My stack: [your framework and version here]
Form page I want to protect: [path or URL]

I am learning, so explain each part simply.