diff --git a/lhc_web/design/defaulttheme/tpl/lhchat/cannedmsgedit.tpl.php b/lhc_web/design/defaulttheme/tpl/lhchat/cannedmsgedit.tpl.php
index 666c5d3364..3aa7029819 100644
--- a/lhc_web/design/defaulttheme/tpl/lhchat/cannedmsgedit.tpl.php
+++ b/lhc_web/design/defaulttheme/tpl/lhchat/cannedmsgedit.tpl.php
@@ -12,6 +12,8 @@
+ +
diff --git a/lhc_web/design/defaulttheme/tpl/lhchat/newcannedmsg.tpl.php b/lhc_web/design/defaulttheme/tpl/lhchat/newcannedmsg.tpl.php
index 16ac793bb8..169f078209 100644
--- a/lhc_web/design/defaulttheme/tpl/lhchat/newcannedmsg.tpl.php
+++ b/lhc_web/design/defaulttheme/tpl/lhchat/newcannedmsg.tpl.php
@@ -5,7 +5,9 @@ - + + +
diff --git a/lhc_web/modules/lhchat/cannedmsgedit.php b/lhc_web/modules/lhchat/cannedmsgedit.php
index e3ae23ff74..7a9aeeb1c7 100644
--- a/lhc_web/modules/lhchat/cannedmsgedit.php
+++ b/lhc_web/modules/lhchat/cannedmsgedit.php
@@ -29,6 +29,11 @@ if (isset($_POST['Update_action']) || isset($_POST['Save_action']) ) { + if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) { + erLhcoreClassModule::redirect('chat/cannedmsg'); + exit; + } + $previousState = $Msg->getState(); $Errors = erLhcoreClassAdminChatValidatorHelper::validateCannedMessage($Msg, $userDepartments);
diff --git a/lhc_web/modules/lhchat/newcannedmsg.php b/lhc_web/modules/lhchat/newcannedmsg.php
index dedf8df363..adf5febae8 100644
--- a/lhc_web/modules/lhchat/newcannedmsg.php
+++ b/lhc_web/modules/lhchat/newcannedmsg.php
@@ -17,6 +17,11 @@ if (isset($_POST['Save_action'])) { + if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) { + erLhcoreClassModule::redirect('chat/cannedmsg'); + exit; + } + $Errors = erLhcoreClassAdminChatValidatorHelper::validateCannedMessage($CannedMessage, $userDepartments); erLhcoreClassChatEventDispatcher::getInstance()->dispatch('chat.before_newcannedmsg', array('departments' => $userDepartments, 'scope' => 'global', 'errors' => & $Errors, 'msg' => & $CannedMessage));
diff --git a/lhc_web/modules/lhgroupchat/options.php b/lhc_web/modules/lhgroupchat/options.php
index e5659869ed..4db8cdcc71 100644
--- a/lhc_web/modules/lhgroupchat/options.php
+++ b/lhc_web/modules/lhgroupchat/options.php
@@ -8,6 +8,11 @@ if ( isset($_POST['StoreOptions']) ) { + if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) { + erLhcoreClassModule::redirect('groupchat/options'); + exit; + } + $definition = array( 'supervisor' => new ezcInputFormDefinitionElement( ezcInputFormDefinitionElement::OPTIONAL, 'int' 
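Review bot: In the cannedmsgedit.php hunk the new guard hands `$_POST['csfr_token']` straight to validateCSFRToken(), and PHP delivers an array there when the field is submitted as `csfr_token[]`; unless validateCSFRToken() already rejects non-strings, that path likely fails noisily instead of taking the redirect, so a cheap guard is `if (!isset($_POST['csfr_token']) || !is_string($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) {`. The same block is repeated verbatim in newcannedmsg.php, lhgroupchat/options.php and lhnotifications/settings.php, so the same fix applies there and a shared helper would keep the copies from drifting. A failed check currently redirects silently and the submitted form is discarded; a short comment such as `// Refuse the save unless the form carried the session's CSRF token; redirect instead of persisting.` plus recording the rejection before the redirect would help both operators and detection. I cannot see where `$currentUser` is assigned in these modules, so confirm it is set before the POST branch runs. The enclosing `if (isset($_POST['Update_action']) || isset($_POST['Save_action']) )` block continues past the hunk.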
diff --git a/lhc_web/modules/lhnotifications/settings.php b/lhc_web/modules/lhnotifications/settings.php
index 1c48313602..2f9ee25233 100644
--- a/lhc_web/modules/lhnotifications/settings.php
+++ b/lhc_web/modules/lhnotifications/settings.php
@@ -7,6 +7,11 @@ if ( isset($_POST['StoreOptions']) ) { + if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) { + erLhcoreClassModule::redirect('notifications/index'); + exit; + } + $definition = array( 'enabled' => new ezcInputFormDefinitionElement( ezcInputFormDefinitionElement::OPTIONAL, 'boolean'