2 files changed, 4 insertions, 3 deletions

diff --git a/src/main/resources/templates/layouts/default.html b/src/main/resources/templates/layouts/default.html
index a2665364..9167dbfb 100644
--- a/src/main/resources/templates/layouts/default.html
+++ b/src/main/resources/templates/layouts/default.html
@@ -35,7 +35,7 @@
     <link rel="manifest" href="//i.juick.com/manifest.json" />
 </head>
 
-<body id="body" {% if visitor.uid > 0 %}data-hash="{{visitor.authHash}}" {% endif %}>
+<body id="body" {% if visitor.uid > 0 %}data-hash="{{visitor.authHash}}" {% else %}data-token="{{_csrf.token}}" {% endif %}>
     <div id="app">
         {% include "views/partial/navigation" %}
         <div id="content_wrapper">
@@ -53,4 +53,4 @@
     </div>
 </body>
 
-</html>
\ No newline at end of file
+</html>
diff --git a/src/main/resources/templates/layouts/login.html b/src/main/resources/templates/layouts/login.html
index e89f6790..86eb45fa 100644
--- a/src/main/resources/templates/layouts/login.html
+++ b/src/main/resources/templates/layouts/login.html
@@ -266,6 +266,7 @@
         <div id="signinform">
             <form action="/login" method="POST">
                 <p class="err">{{ authErrorMessage | default('') }}</p>
+                <input type="hidden" name="{{_csrf.parameterName}}" value="{{_csrf.token}}" />
                 <input class="txt" type="text" name="username" placeholder='{{ i18n("messages","label.username") }}'
                     id="nickinput" autocomplete="username" />
                 <input class="txt" type="password" name="password"
@@ -277,4 +278,4 @@
 
 </body>
 
-</html>
\ No newline at end of file
+</html>