diff --git a/NEWS.rst b/NEWS.rst
index 93c4526..95f2d27 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -25,6 +25,7 @@
 (2012-XX-XX)
 
 * dev setup fix for Django 1.4 contributed by Rohan Jain
+* missing csrf tokens in templates contributed by Richard Wackerbarth (LP: 996658)
 
 
 1.0 alpha 1 -- "Space Farm"
diff --git a/dev_setup/settings.py b/dev_setup/settings.py
index 1e86370..4a8cd46 100644
--- a/dev_setup/settings.py
+++ b/dev_setup/settings.py
@@ -116,6 +116,7 @@
 
 MIDDLEWARE_CLASSES = (
     'django.middleware.common.CommonMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.locale.LocaleMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
diff --git a/src/postorius/doc/news.rst b/src/postorius/doc/news.rst
index 328c5a2..7ed3acc 100644
--- a/src/postorius/doc/news.rst
+++ b/src/postorius/doc/news.rst
@@ -25,6 +25,7 @@
 (2012-XX-XX)
 
 * dev setup fix for Django 1.4 contributed by Rohan Jain
+* missing csrf tokens in templates contributed by Richard Wackerbarth (LP: 996658)
 
 
 1.0 alpha 1 -- "Space Farm"
diff --git a/src/postorius/templates/postorius/confirm_dialog.html b/src/postorius/templates/postorius/confirm_dialog.html
index 28d0f13..4d03517 100644
--- a/src/postorius/templates/postorius/confirm_dialog.html
+++ b/src/postorius/templates/postorius/confirm_dialog.html
@@ -4,7 +4,7 @@
 {% block main %}
     <h1>{% trans 'Confirm' %}</h1>
     <p>{% trans "Are you sure?" %}</p>
-    <form action="{{submit_url}}" method="post">
+    <form action="{{submit_url}}" method="post"> {% csrf_token %}
         <button class="btn btn-danger" type="submit">{% trans "OK" %}</button>
         <a class="btn" href="{{cancel_url}}">{% trans "Cancel" %}</a>
     </form>
diff --git a/src/postorius/templates/postorius/domain_new.html b/src/postorius/templates/postorius/domain_new.html
index d0e129c..df0ee90 100644
--- a/src/postorius/templates/postorius/domain_new.html
+++ b/src/postorius/templates/postorius/domain_new.html
@@ -4,7 +4,7 @@
 {% block main %}
     {% include 'postorius/menu/settings_nav.html' %}
     <h1>{% trans "Add a new Domain" %}</h1>
-    <form action="{% url domain_new %}" method="post" class="well">
+    <form action="{% url domain_new %}" method="post" class="well"> {% csrf_token %}
         {{ form.as_p }}
         <div class="field">
             <button class="btn btn-success" type="submit">{% trans "Create Domain" %}</button>
diff --git a/src/postorius/templates/postorius/lists/mass_subscribe.html b/src/postorius/templates/postorius/lists/mass_subscribe.html
index fac403b..3359023 100644
--- a/src/postorius/templates/postorius/lists/mass_subscribe.html
+++ b/src/postorius/templates/postorius/lists/mass_subscribe.html
@@ -6,7 +6,7 @@
         {% include 'postorius/menu/list_nav.html' %}
     {% endif %}
     <h1>{% trans "Mass Subscribe" %} <span>- {{list.fqdn_listname}}</span></h1>
-    <form action="{% url mass_subscribe list.fqdn_listname %}" method="post" class="well">
+    <form action="{% url mass_subscribe list.fqdn_listname %}" method="post" class="well"> {% csrf_token %}
         {{ form.as_p }}
         <button class="btn btn-primary" type="submit">{% trans "Subscribe users" %}</button>
     </form>
diff --git a/src/postorius/templates/postorius/lists/new.html b/src/postorius/templates/postorius/lists/new.html
index 787b400..3e3536d 100644
--- a/src/postorius/templates/postorius/lists/new.html
+++ b/src/postorius/templates/postorius/lists/new.html
@@ -3,7 +3,7 @@
 
 {% block main %}
     <h1>{% trans "Create a new List" %} {{ block.super }}</h1> 
-    <form action="{% url list_new %}" method="post" class="well">
+    <form action="{% url list_new %}" method="post" class="well"> {% csrf_token %}
         {{ form.as_p }}
         <button class="btn btn-success" type="submit">{% trans "Create List" %}</button>
     </form>
diff --git a/src/postorius/templates/postorius/lists/settings.html b/src/postorius/templates/postorius/lists/settings.html
index 3f6610f..98beb49 100644
--- a/src/postorius/templates/postorius/lists/settings.html
+++ b/src/postorius/templates/postorius/lists/settings.html
@@ -12,7 +12,7 @@
     </ul>
 
     {% if visible_section %}
-        <form class="well" action="{% url list_settings fqdn_listname=list.fqdn_listname visible_section=visible_section visible_option=visible_option %}" method="post" class="list_settings">
+        <form class="well" action="{% url list_settings fqdn_listname=list.fqdn_listname visible_section=visible_section visible_option=visible_option %}" method="post" class="list_settings"> {% csrf_token %}
             {{ form.as_p }}
 	        <button class="btn btn-primary" type="submit">{%trans "Save changes" %}</button>
         </form>
diff --git a/src/postorius/templates/postorius/lists/subscribe.html b/src/postorius/templates/postorius/lists/subscribe.html
index 76c2d48..0d7f73b 100644
--- a/src/postorius/templates/postorius/lists/subscribe.html
+++ b/src/postorius/templates/postorius/lists/subscribe.html
@@ -3,7 +3,7 @@
 
 {% block main %}
     <h1>{% trans 'Subscribe' %} <span>{{ list.fqdn_listname}}</span></h1>
-    <form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe">
+    <form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe"> {% csrf_token %}
         {{form.as_p}}
         <input class="btn btn-primary" type="submit" value="{% trans 'Subscribe' %}" />
     </form>
diff --git a/src/postorius/templates/postorius/lists/subscriptions.html b/src/postorius/templates/postorius/lists/subscriptions.html
index 08f20da..9f1ead5 100644
--- a/src/postorius/templates/postorius/lists/subscriptions.html
+++ b/src/postorius/templates/postorius/lists/subscriptions.html
@@ -4,7 +4,7 @@
 {% block main %}
     {{list.list_name}} <span>{{list.display_name}}</span>
     {% if form_subscribe %}
-    <form action="{%url list_subscriptions list.fqdn_listname %}" method="post" class="subscribe mm_clear" name="subscribe">
+    <form action="{%url list_subscriptions list.fqdn_listname %}" method="post" class="subscribe mm_clear" name="subscribe"> {% csrf_token %}
         {{ form_subscribe.as_div }}
         <div class="field">
             <button type="submit">{% trans "Subscribe" %}</button>
@@ -13,7 +13,7 @@
     </form>
     {% endif %}
     {% if form_unsubscribe %}
-    <form action="{% url list_subscriptions list.fqdn_listname %}" method="post" class="unsubscribe mm_clear" name="unsubscribe">
+    <form action="{% url list_subscriptions list.fqdn_listname %}" method="post" class="unsubscribe mm_clear" name="unsubscribe"> {% csrf_token %}
         {{ form_unsubscribe.as_div }}
         <div class="field">
             <button type="submit">{% trans "Unsubscribe" %}</button>
diff --git a/src/postorius/templates/postorius/lists/summary.html b/src/postorius/templates/postorius/lists/summary.html
index cf57a9d..be01b8b 100644
--- a/src/postorius/templates/postorius/lists/summary.html
+++ b/src/postorius/templates/postorius/lists/summary.html
@@ -15,7 +15,7 @@
   
     <h2>{% trans 'Membership' %}</h2>
     {% if user.is_authenticated %}
-    <form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe">
+    <form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe"> {% csrf_token %}
         {{subscribe_form.as_p}}
         <input class="btn btn-success" type="submit" value="{% trans 'Subscribe' %}" />
         <a href="{% url list_unsubscribe list.fqdn_listname user.email %}" class="btn btn-danger">Unsubscribe</a>
diff --git a/src/postorius/templates/postorius/login.html b/src/postorius/templates/postorius/login.html
index 8bcc986..4a7ea30 100644
--- a/src/postorius/templates/postorius/login.html
+++ b/src/postorius/templates/postorius/login.html
@@ -5,7 +5,7 @@
     
     <h2>Login with username and password</h2>
 
-    <form action="" method="post" class="login mm_clear">
+    <form action="" method="post" class="login mm_clear"> {% csrf_token %}
         {{ form.as_p }}
         <div class="field">
             <button class="btn btn-primary" type="submit">{% trans "Login" %}</button>
@@ -17,7 +17,7 @@
     <!--
     <h2>Login using OpenID</h2>
 
-    <form method="post" action="{% url socialauth_begin 'openid' %}">
+    <form method="post" action="{% url socialauth_begin 'openid' %}"> {% csrf_token %}
         OpenID URL: <input type="text" name="openid_identifier" /> 
         <input type="submit" value="Login using OpenID" />
     </form>
@@ -27,7 +27,7 @@
 
     <h2>Login using BrowserID</h2>
 
-    <form method="post" action="{% url socialauth_complete "browserid" %}">
+    <form method="post" action="{% url socialauth_complete "browserid" %}"> {% csrf_token %}
         <input type="hidden" name="assertion" value="" />
         <a rel="nofollow" id="browserid" href="#"><img src="{{ STATIC_URL }}postorius/default/img/sign_in_blue.png" alt="Login using BrowserID" /></a>
     </form>
@@ -36,7 +36,7 @@
 {% block additionaljs %}
 <!-- Include BrowserID JavaScript -->
 <script src="https://browserid.org/include.js" type="text/javascript"></script>
-<!-- Setup click handler that retieves BrowserID assertion code and sends
+<!-- Setup click handler that receives BrowserID assertion code and sends
      POST data -->
 <script type="text/javascript">
     $(function () {
diff --git a/src/postorius/templates/postorius/menu/general.html b/src/postorius/templates/postorius/menu/general.html
index 263b052..8cabcd6 100644
--- a/src/postorius/templates/postorius/menu/general.html
+++ b/src/postorius/templates/postorius/menu/general.html
@@ -68,9 +68,9 @@
                         {% trans "advertised" %} Link:TODO
                     </a>
                 </li>         
-                <li {% if selected == "anonymus_list" %}id="selected"{% endif %}>
+                <li {% if selected == "anonymous_list" %}id="selected"{% endif %}>
                     <a href="{% comment %}{% url ... %}{% endcomment %}">
-                        {% trans "anonymus_list" %} Link:TODO
+                        {% trans "anonymous_list" %} Link:TODO
                     </a>
                 </li>                                         
             </ul></div>     
diff --git a/src/postorius/templates/postorius/menu/maintanance.html b/src/postorius/templates/postorius/menu/maintanance.html
index 3139afa..7d87d3b 100644
--- a/src/postorius/templates/postorius/menu/maintanance.html
+++ b/src/postorius/templates/postorius/menu/maintanance.html
@@ -9,7 +9,7 @@
                 {% trans "Archive" %} #TODO link
             </a>
         </li>
-        <li {% if selected == "auto_resonder" %}id="selected"{% endif %}>
+        <li {% if selected == "auto_responder" %}id="selected"{% endif %}>
             <a href="{% url list_settings fqdn_listname=fqdn_listname visible_section='Automatic Responses' visible_option=None %}">
                 {% trans "Auto Responder" %}
             </a>
@@ -52,9 +52,9 @@
                         {% trans "Message" %} Link:TODO
                     </a>
                 </li>
-                <li {% if selected == "filter_receipent" %}id="selected"{% endif %}>
+                <li {% if selected == "filter_recipient" %}id="selected"{% endif %}>
                     <a href="{% comment %}{% url ... %}{% endcomment %}">
-                        {% trans "Receipent" %} Link:TODO
+                        {% trans "Recipient" %} Link:TODO
                     </a>
                 </li>
                 <li {% if selected == "filter_spam" %}id="selected"{% endif %}>
diff --git a/src/postorius/templates/postorius/menu/subscriptions.html b/src/postorius/templates/postorius/menu/subscriptions.html
index 08e00b7..e40b24a 100644
--- a/src/postorius/templates/postorius/menu/subscriptions.html
+++ b/src/postorius/templates/postorius/menu/subscriptions.html
@@ -14,14 +14,14 @@
                 {% trans "Subscribe" %}
             </a>
             <div><ul class="menu">
-                 <li{% if selected == "join_adress" %}id="selected"{% endif %}>
+                 <li{% if selected == "join_address" %}id="selected"{% endif %}>
                     <a href="{% comment %}{% url ... %}TODO add List{% endcomment %}">
-                        {% trans "Join Adress" %} Link:TODO
+                        {% trans "Join Address" %} Link:TODO
                     </a>
                 </li>  
                 <li{% if selected == "owner_adress" %}id="selected"{% endif %}>
                     <a href="{% comment %}{% url ... %}TODO add List{% endcomment %}">
-                        {% trans "Owner Adress" %} Link:TODO
+                        {% trans "Owner Address" %} Link:TODO
                     </a>
                 </li>   
                 <li{% if selected == "mass_subscribe" %}id="selected"{% endif %}>
@@ -38,7 +38,7 @@
             <div><ul class="menu">
                  <li{% if selected == "leave_adress" %}id="selected"{% endif %}>
                     <a href="{% comment %}{% url ... %}TODO add List{% endcomment %}">
-                        {% trans "Leave Adress" %} Link:TODO
+                        {% trans "Leave Address" %} Link:TODO
                     </a>
                 </li>  
             </ul></div>         
diff --git a/src/postorius/templates/postorius/user_mailmansettings.html b/src/postorius/templates/postorius/user_mailmansettings.html
index ebd8f3b..5c5057d 100644
--- a/src/postorius/templates/postorius/user_mailmansettings.html
+++ b/src/postorius/templates/postorius/user_mailmansettings.html
@@ -55,7 +55,7 @@
     <h2>List Preferences Overview</h2>
     <p><em class="errorlist">Sample output: not real</em></p>
     <input id="btnHide" type="button" value="{% trans "Hide Descriptions" %}"/>
-    <form action="#">
+    <form action="#"> {% csrf_token %}
     <table class="table table-bordered table-striped">
         <tr>
             <th>{% trans "Setting" %}</th>
diff --git a/src/postorius/templates/postorius/user_settings.html b/src/postorius/templates/postorius/user_settings.html
index 1d5a8ff..fad6abc 100644
--- a/src/postorius/templates/postorius/user_settings.html
+++ b/src/postorius/templates/postorius/user_settings.html
@@ -16,9 +16,9 @@
         <div class="mm_boxHeader">
         {% trans "Content" %}
         </div>  
-        <p>{%trans "Use this page to manage your account. You'll be able to see a list of your subscirbed lists, modify these membership settings of the list and your personal preferences in user_settings <a href='https://bugs.launchpad.net/mailman/+bug/821438' >LP:821438</a> is solved <br>" %}</p>
+        <p>{%trans "Use this page to manage your account. You'll be able to see a list of your subscribed lists, modify these membership settings of the list and your personal preferences in user_settings <a href='https://bugs.launchpad.net/mailman/+bug/821438' >LP:821438</a> is solved <br>" %}</p>
         {% if form %}
-            <form action="" method="post" class="user" name="user">
+            <form action="" method="post" class="user" name="user"> {% csrf_token %}
             <ul class="">
                 {{ form.as_div }}
                 <li class="field">