diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 532595548..2bcfac952 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -25,6 +25,7 @@ class ApplicationController < ActionController::Base
   
   before_filter :user_setup, :check_if_login_required, :set_localization
   filter_parameter_logging :password
+  protect_from_forgery
   
   include Redmine::Search::Controller
   include Redmine::MenuManager::MenuController
diff --git a/config/environments/test.rb b/config/environments/test.rb
index 388d2022a..0d1b42e5b 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -21,6 +21,9 @@ config.action_controller.session = {
   :secret => "some secret phrase for the tests."
 }
 
+# Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application
+config.action_controller.allow_forgery_protection  = false
+
 config.gem "thoughtbot-shoulda", :lib => "shoulda", :source => "http://gems.github.com"
 config.gem "nofxx-object_daddy", :lib => "object_daddy", :source => "http://gems.github.com"
 config.gem "mocha"
diff --git a/config/environments/test_pgsql.rb b/config/environments/test_pgsql.rb
index 388d2022a..0d1b42e5b 100644
--- a/config/environments/test_pgsql.rb
+++ b/config/environments/test_pgsql.rb
@@ -21,6 +21,9 @@ config.action_controller.session = {
   :secret => "some secret phrase for the tests."
 }
 
+# Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application
+config.action_controller.allow_forgery_protection  = false
+
 config.gem "thoughtbot-shoulda", :lib => "shoulda", :source => "http://gems.github.com"
 config.gem "nofxx-object_daddy", :lib => "object_daddy", :source => "http://gems.github.com"
 config.gem "mocha"
diff --git a/config/environments/test_sqlite3.rb b/config/environments/test_sqlite3.rb
index 388d2022a..0d1b42e5b 100644
--- a/config/environments/test_sqlite3.rb
+++ b/config/environments/test_sqlite3.rb
@@ -21,6 +21,9 @@ config.action_controller.session = {
   :secret => "some secret phrase for the tests."
 }
 
+# Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application
+config.action_controller.allow_forgery_protection  = false
+
 config.gem "thoughtbot-shoulda", :lib => "shoulda", :source => "http://gems.github.com"
 config.gem "nofxx-object_daddy", :lib => "object_daddy", :source => "http://gems.github.com"
 config.gem "mocha"