diff --git a/src/postorius/templates/postorius/confirm_dialog.html b/src/postorius/templates/postorius/confirm_dialog.html
index 28d0f13..4d03517 100644
--- a/src/postorius/templates/postorius/confirm_dialog.html
+++ b/src/postorius/templates/postorius/confirm_dialog.html
@@ -4,7 +4,7 @@
{% block main %}
<h1>{% trans 'Confirm' %}</h1>
<p>{% trans "Are you sure?" %}</p>
- <form action="{{submit_url}}" method="post">
+ <form action="{{submit_url}}" method="post"> {% csrf_token %}
<button class="btn btn-danger" type="submit">{% trans "OK" %}</button>
<a class="btn" href="{{cancel_url}}">{% trans "Cancel" %}</a>
</form>
diff --git a/src/postorius/templates/postorius/domain_new.html b/src/postorius/templates/postorius/domain_new.html
index d0e129c..df0ee90 100644
--- a/src/postorius/templates/postorius/domain_new.html
+++ b/src/postorius/templates/postorius/domain_new.html
@@ -4,7 +4,7 @@
{% block main %}
{% include 'postorius/menu/settings_nav.html' %}
<h1>{% trans "Add a new Domain" %}</h1>
- <form action="{% url domain_new %}" method="post" class="well">
+ <form action="{% url domain_new %}" method="post" class="well"> {% csrf_token %}
{{ form.as_p }}
<div class="field">
<button class="btn btn-success" type="submit">{% trans "Create Domain" %}</button>
diff --git a/src/postorius/templates/postorius/lists/mass_subscribe.html b/src/postorius/templates/postorius/lists/mass_subscribe.html
index fac403b..3359023 100644
--- a/src/postorius/templates/postorius/lists/mass_subscribe.html
+++ b/src/postorius/templates/postorius/lists/mass_subscribe.html
@@ -6,7 +6,7 @@
{% include 'postorius/menu/list_nav.html' %}
{% endif %}
<h1>{% trans "Mass Subscribe" %} <span>- {{list.fqdn_listname}}</span></h1>
- <form action="{% url mass_subscribe list.fqdn_listname %}" method="post" class="well">
+ <form action="{% url mass_subscribe list.fqdn_listname %}" method="post" class="well"> {% csrf_token %}
{{ form.as_p }}
<button class="btn btn-primary" type="submit">{% trans "Subscribe users" %}</button>
</form>
diff --git a/src/postorius/templates/postorius/lists/new.html b/src/postorius/templates/postorius/lists/new.html
index 787b400..3e3536d 100644
--- a/src/postorius/templates/postorius/lists/new.html
+++ b/src/postorius/templates/postorius/lists/new.html
@@ -3,7 +3,7 @@
{% block main %}
<h1>{% trans "Create a new List" %} {{ block.super }}</h1>
- <form action="{% url list_new %}" method="post" class="well">
+ <form action="{% url list_new %}" method="post" class="well"> {% csrf_token %}
{{ form.as_p }}
<button class="btn btn-success" type="submit">{% trans "Create List" %}</button>
</form>
diff --git a/src/postorius/templates/postorius/lists/settings.html b/src/postorius/templates/postorius/lists/settings.html
index 3f6610f..98beb49 100644
--- a/src/postorius/templates/postorius/lists/settings.html
+++ b/src/postorius/templates/postorius/lists/settings.html
@@ -12,7 +12,7 @@
</ul>
{% if visible_section %}
- <form class="well" action="{% url list_settings fqdn_listname=list.fqdn_listname visible_section=visible_section visible_option=visible_option %}" method="post" class="list_settings">
+ <form class="well" action="{% url list_settings fqdn_listname=list.fqdn_listname visible_section=visible_section visible_option=visible_option %}" method="post" class="list_settings"> {% csrf_token %}
{{ form.as_p }}
<button class="btn btn-primary" type="submit">{%trans "Save changes" %}</button>
</form>
diff --git a/src/postorius/templates/postorius/lists/subscribe.html b/src/postorius/templates/postorius/lists/subscribe.html
index 76c2d48..0d7f73b 100644
--- a/src/postorius/templates/postorius/lists/subscribe.html
+++ b/src/postorius/templates/postorius/lists/subscribe.html
@@ -3,7 +3,7 @@
{% block main %}
<h1>{% trans 'Subscribe' %} <span>{{ list.fqdn_listname}}</span></h1>
- <form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe">
+ <form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe"> {% csrf_token %}
{{form.as_p}}
<input class="btn btn-primary" type="submit" value="{% trans 'Subscribe' %}" />
</form>
diff --git a/src/postorius/templates/postorius/lists/subscriptions.html b/src/postorius/templates/postorius/lists/subscriptions.html
index 08f20da..9f1ead5 100644
--- a/src/postorius/templates/postorius/lists/subscriptions.html
+++ b/src/postorius/templates/postorius/lists/subscriptions.html
@@ -4,7 +4,7 @@
{% block main %}
{{list.list_name}} <span>{{list.display_name}}</span>
{% if form_subscribe %}
- <form action="{%url list_subscriptions list.fqdn_listname %}" method="post" class="subscribe mm_clear" name="subscribe">
+ <form action="{%url list_subscriptions list.fqdn_listname %}" method="post" class="subscribe mm_clear" name="subscribe"> {% csrf_token %}
{{ form_subscribe.as_div }}
<div class="field">
<button type="submit">{% trans "Subscribe" %}</button>
@@ -13,7 +13,7 @@
</form>
{% endif %}
{% if form_unsubscribe %}
- <form action="{% url list_subscriptions list.fqdn_listname %}" method="post" class="unsubscribe mm_clear" name="unsubscribe">
+ <form action="{% url list_subscriptions list.fqdn_listname %}" method="post" class="unsubscribe mm_clear" name="unsubscribe"> {% csrf_token %}
{{ form_unsubscribe.as_div }}
<div class="field">
<button type="submit">{% trans "Unsubscribe" %}</button>
diff --git a/src/postorius/templates/postorius/lists/summary.html b/src/postorius/templates/postorius/lists/summary.html
index cf57a9d..be01b8b 100644
--- a/src/postorius/templates/postorius/lists/summary.html
+++ b/src/postorius/templates/postorius/lists/summary.html
@@ -15,7 +15,7 @@
<h2>{% trans 'Membership' %}</h2>
{% if user.is_authenticated %}
- <form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe">
+ <form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe"> {% csrf_token %}
{{subscribe_form.as_p}}
<input class="btn btn-success" type="submit" value="{% trans 'Subscribe' %}" />
<a href="{% url list_unsubscribe list.fqdn_listname user.email %}" class="btn btn-danger">Unsubscribe</a>
diff --git a/src/postorius/templates/postorius/login.html b/src/postorius/templates/postorius/login.html
index 8bcc986..189af03 100644
--- a/src/postorius/templates/postorius/login.html
+++ b/src/postorius/templates/postorius/login.html
@@ -5,7 +5,7 @@
<h2>Login with username and password</h2>
- <form action="" method="post" class="login mm_clear">
+ <form action="" method="post" class="login mm_clear"> {% csrf_token %}
{{ form.as_p }}
<div class="field">
<button class="btn btn-primary" type="submit">{% trans "Login" %}</button>
@@ -17,7 +17,7 @@
<!--
<h2>Login using OpenID</h2>
- <form method="post" action="{% url socialauth_begin 'openid' %}">
+ <form method="post" action="{% url socialauth_begin 'openid' %}"> {% csrf_token %}
OpenID URL: <input type="text" name="openid_identifier" />
<input type="submit" value="Login using OpenID" />
</form>
@@ -27,7 +27,7 @@
<h2>Login using BrowserID</h2>
- <form method="post" action="{% url socialauth_complete "browserid" %}">
+ <form method="post" action="{% url socialauth_complete "browserid" %}"> {% csrf_token %}
<input type="hidden" name="assertion" value="" />
<a rel="nofollow" id="browserid" href="#"><img src="{{ STATIC_URL }}postorius/default/img/sign_in_blue.png" alt="Login using BrowserID" /></a>
</form>
diff --git a/src/postorius/templates/postorius/user_mailmansettings.html b/src/postorius/templates/postorius/user_mailmansettings.html
index ebd8f3b..5c5057d 100644
--- a/src/postorius/templates/postorius/user_mailmansettings.html
+++ b/src/postorius/templates/postorius/user_mailmansettings.html
@@ -55,7 +55,7 @@
<h2>List Preferences Overview</h2>
<p><em class="errorlist">Sample output: not real</em></p>
<input id="btnHide" type="button" value="{% trans "Hide Descriptions" %}"/>
- <form action="#">
+ <form action="#"> {% csrf_token %}
<table class="table table-bordered table-striped">
<tr>
<th>{% trans "Setting" %}</th>
diff --git a/src/postorius/templates/postorius/user_settings.html b/src/postorius/templates/postorius/user_settings.html
index 1d5a8ff..5ccec36 100644
--- a/src/postorius/templates/postorius/user_settings.html
+++ b/src/postorius/templates/postorius/user_settings.html
@@ -18,7 +18,7 @@
</div>
<p>{%trans "Use this page to manage your account. You'll be able to see a list of your subscirbed lists, modify these membership settings of the list and your personal preferences in user_settings <a href='https://bugs.launchpad.net/mailman/+bug/821438' >LP:821438</a> is solved <br>" %}</p>
{% if form %}
- <form action="" method="post" class="user" name="user">
+ <form action="" method="post" class="user" name="user"> {% csrf_token %}
<ul class="">
{{ form.as_div }}
<li class="field">