diff --git a/galette/composer.json b/galette/composer.json
index f33d8d0058..b9d7244760 100644
--- a/galette/composer.json
+++ b/galette/composer.json
@@ -50,7 +50,8 @@
         "doctrine/annotations": "^1.8",
         "laminas/laminas-servicemanager": "3.7",
         "symfony/polyfill-php80": "^1.23",
-        "ezyang/htmlpurifier": "^4.13"
+        "ezyang/htmlpurifier": "^4.13",
+        "slim/csrf": "0.8.3"
     },
     "require-dev": {
         "atoum/atoum": "dev-master",
diff --git a/galette/composer.lock b/galette/composer.lock
index 79e9819a4e..511eb07ece 100644
--- a/galette/composer.lock
+++ b/galette/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "47d56d47701d9038105bd93cf3b44a02",
+    "content-hash": "be12f467246cd29921b64f8f84dc17a8",
     "packages": [
         {
             "name": "akrabat/rka-slim-session-middleware",
@@ -2213,6 +2213,56 @@
             },
             "time": "2021-04-09T13:42:10+00:00"
         },
+        {
+            "name": "paragonie/random_compat",
+            "version": "v9.99.100",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/paragonie/random_compat.git",
+                "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/996434e5492cb4c3edcb9168db6fbb1359ef965a",
+                "reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">= 7"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "4.*|5.*",
+                "vimeo/psalm": "^1"
+            },
+            "suggest": {
+                "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
+            },
+            "type": "library",
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Paragon Initiative Enterprises",
+                    "email": "security@paragonie.com",
+                    "homepage": "https://paragonie.com"
+                }
+            ],
+            "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
+            "keywords": [
+                "csprng",
+                "polyfill",
+                "pseudorandom",
+                "random"
+            ],
+            "support": {
+                "email": "info@paragonie.com",
+                "issues": "https://github.com/paragonie/random_compat/issues",
+                "source": "https://github.com/paragonie/random_compat"
+            },
+            "time": "2020-10-15T08:29:30+00:00"
+        },
         {
             "name": "php-di/invoker",
             "version": "2.3.2",
@@ -2808,6 +2858,60 @@
             },
             "time": "2017-10-23T01:57:42+00:00"
         },
+        {
+            "name": "slim/csrf",
+            "version": "0.8.3",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/slimphp/Slim-Csrf.git",
+                "reference": "5f2bcf5d89adf86dc0455a32bea84d912ab466a7"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/5f2bcf5d89adf86dc0455a32bea84d912ab466a7",
+                "reference": "5f2bcf5d89adf86dc0455a32bea84d912ab466a7",
+                "shasum": ""
+            },
+            "require": {
+                "paragonie/random_compat": "^1.1|^2.0|^9.99",
+                "php": ">=5.5.0",
+                "psr/http-message": "^1.0"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^4.0",
+                "slim/slim": "~3.0"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Slim\\Csrf\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Josh Lockhart",
+                    "email": "hello@joshlockhart.com",
+                    "homepage": "http://joshlockhart.com"
+                }
+            ],
+            "description": "Slim Framework 3 CSRF protection middleware",
+            "homepage": "http://slimframework.com",
+            "keywords": [
+                "csrf",
+                "framework",
+                "middleware",
+                "slim"
+            ],
+            "support": {
+                "issues": "https://github.com/slimphp/Slim-Csrf/issues",
+                "source": "https://github.com/slimphp/Slim-Csrf/tree/master"
+            },
+            "time": "2018-08-22T16:12:18+00:00"
+        },
         {
             "name": "slim/flash",
             "version": "0.4.0",
diff --git a/galette/includes/dependencies.php b/galette/includes/dependencies.php
index 8cf6b47d92..c1e86bebb0 100644
--- a/galette/includes/dependencies.php
+++ b/galette/includes/dependencies.php
@@ -432,6 +432,31 @@
         )
 );
 
+$container->set(
+    'csrf',
+    function (ContainerInterface $c) {
+        $storage = null;
+        $guard = new \Slim\Csrf\Guard(
+            'csrf',
+            $storage,
+            null,
+            200,
+            16,
+            true
+        );
+
+        $guard->setFailureCallable(function ($request, $response, $next) {
+            Analog::log(
+                'CSRF check has failed',
+                Analog::CRITICAL
+            );
+            throw new \RuntimeException(_T('Failed CSRF check!'));
+        });
+
+        return $guard;
+    }
+);
+
 //For bad existing globals can be used...
 global $translator, $i18n;
 if (
diff --git a/galette/includes/main.inc.php b/galette/includes/main.inc.php
index 7c1f190fcb..013bbbc5c9 100644
--- a/galette/includes/main.inc.php
+++ b/galette/includes/main.inc.php
@@ -92,6 +92,8 @@
 
 // Set up dependencies
 require GALETTE_ROOT . '/includes/dependencies.php';
+$app->add(new \Galette\Middleware\SmartyCsrf($app->getContainer()));
+$app->add($app->getContainer()->get('csrf'));
 
 if ($needs_update) {
     $app->add(
diff --git a/galette/lib/Galette/Middleware/SmartyCsrf.php b/galette/lib/Galette/Middleware/SmartyCsrf.php
new file mode 100644
index 0000000000..2305f5028b
--- /dev/null
+++ b/galette/lib/Galette/Middleware/SmartyCsrf.php
@@ -0,0 +1,96 @@
+<?php
+
+/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
+
+/**
+ * Galette CSRF middleware
+ *
+ * PHP version 5
+ *
+ * Copyright © 2021 The Galette Team
+ *
+ * This file is part of Galette (http://galette.tuxfamily.org).
+ *
+ * Galette is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Galette is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Galette. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @category  Core
+ * @package   Galette
+ *
+ * @author    Johan Cwiklinski <johan@x-tnd.be>
+ * @copyright 2021 The Galette Team
+ * @license   http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version
+ * @link      http://galette.tuxfamily.org
+ * @since     Available since 0.9.6dev - 2021-11-08
+ */
+
+namespace Galette\Middleware;
+
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Psr\Http\Message\ResponseInterface as Response;
+use Analog\Analog;
+use DI\Container;
+
+/**
+ * Galette CSRF middleware
+ *
+ * @category  Middleware
+ * @name      SmartyCsrf
+ * @package   Galette
+ * @author    Johan Cwiklinski <johan@x-tnd.be>
+ * @copyright 2020 The Galette Team
+ * @license   http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version
+ * @link      http://galette.tuxfamily.org
+ * @since     Available since 0.9.4dev - 2020-05-06
+ */
+class SmartyCsrf
+{
+    private $smarty;
+    private $csrf;
+
+    /**
+     * Constructor
+     *
+     * @param Container $container Container instance
+     */
+    public function __construct(Container $container)
+    {
+        $view = $container->get('Slim\Views\Smarty');
+        $this->smarty = $view->getSmarty();
+        $this->csrf = $container->get('csrf');
+    }
+
+    /**
+     * Middleware invokable class
+     *
+     * @param  \Psr\Http\Message\ServerRequestInterface $request  PSR7 request
+     * @param  \Psr\Http\Message\ResponseInterface      $response PSR7 response
+     * @param  callable                                 $next     Next middleware
+     *
+     * @return \Psr\Http\Message\ResponseInterface
+     */
+    public function __invoke(Request $request, Response $response, $next): Response
+    {
+        $nameKey = $this->csrf->getTokenNameKey();
+        $valueKey = $this->csrf->getTokenValueKey();
+        $name = $request->getAttribute($nameKey);
+        $value = $request->getAttribute($valueKey);
+
+        $this->smarty->assign('csrf_name_key', $nameKey);
+        $this->smarty->assign('csrf_value_key', $valueKey);
+        $this->smarty->assign('csrf_name', $name);
+        $this->smarty->assign('csrf_value', $value);
+
+        return $next($request, $response);
+    }
+}
diff --git a/galette/templates/default/admintools.tpl b/galette/templates/default/admintools.tpl
index b1a9028d60..e72ac324bd 100644
--- a/galette/templates/default/admintools.tpl
+++ b/galette/templates/default/admintools.tpl
@@ -31,10 +31,11 @@
             </p>
         </fieldset>
         <div class="button-container">
-            <button ype="submit" class="action">
+            <button type="submit" class="action">
                 <i class="fas fa-database" aria-hidden="true"></i>
                 {_T string="Go"}
             </button>
+            {include file="forms_types/csrf.tpl"}
         </div>
     </form>
 {/block}
diff --git a/galette/templates/default/advanced_search.tpl b/galette/templates/default/advanced_search.tpl
index 4c8767959b..1aa267893b 100644
--- a/galette/templates/default/advanced_search.tpl
+++ b/galette/templates/default/advanced_search.tpl
@@ -312,6 +312,7 @@
                 <input type="hidden" name="advanced_filtering" value="true" />
                 <input type="submit" class="inline" value="{_T string="Filter"}"/>
                 <input type="submit" name="clear_adv_filter" class="inline" value="{_T string="Clear filter"}"/>
+                {include file="forms_types/csrf.tpl"}
             </div>
         </form>
 {/block}
diff --git a/galette/templates/default/ajouter_contribution.tpl b/galette/templates/default/ajouter_contribution.tpl
index 69cb889be1..42ee6c91fd 100644
--- a/galette/templates/default/ajouter_contribution.tpl
+++ b/galette/templates/default/ajouter_contribution.tpl
@@ -184,6 +184,7 @@
             <input type="hidden" name="trans_id" value="{if $contribution->transaction neq NULL}{$contribution->transaction->id}{/if}"/>
         </div>
     {/if}
+            {include file="forms_types/csrf.tpl"}
         </form>
 {else} {* No members *}
     <div class="center" id="warningbox">
diff --git a/galette/templates/default/ajouter_transaction.tpl b/galette/templates/default/ajouter_transaction.tpl
index 18a3ddde14..2f34546e46 100644
--- a/galette/templates/default/ajouter_transaction.tpl
+++ b/galette/templates/default/ajouter_transaction.tpl
@@ -46,6 +46,7 @@
             </button>
             <input type="hidden" name="trans_id" value="{$transaction->id}"/>
             <input type="hidden" name="valid" value="1"/>
+            {include file="forms_types/csrf.tpl"}
         </div>
         <p>{_T string="NB : The mandatory fields are in"} <span class="required">{_T string="red"}</span></p>
         </form>
diff --git a/galette/templates/default/attendance_sheet_details.tpl b/galette/templates/default/attendance_sheet_details.tpl
index a52d37ffb0..bd9c2254e3 100644
--- a/galette/templates/default/attendance_sheet_details.tpl
+++ b/galette/templates/default/attendance_sheet_details.tpl
@@ -31,6 +31,7 @@
 {foreach $selection as $member}
                 <input type="hidden" name="selection[]" value="{$member}"/>
 {/foreach}
+                {include file="forms_types/csrf.tpl"}
             </p>
         </fieldset>
 {if not $ajax}
diff --git a/galette/templates/default/change_passwd.tpl b/galette/templates/default/change_passwd.tpl
index c793ad2cb5..187200b217 100644
--- a/galette/templates/default/change_passwd.tpl
+++ b/galette/templates/default/change_passwd.tpl
@@ -16,5 +16,6 @@
                 </table>
                 <input type="submit" name="change_passwd" value="{_T string="Change my password"}"/>
                 <input type="hidden" name="hash" value="{$hash}"/>
+                {include file="forms_types/csrf.tpl"}
         </form>
 {/block}
diff --git a/galette/templates/default/common_scripts.tpl b/galette/templates/default/common_scripts.tpl
index f4e1dc719d..499a7e8099 100644
--- a/galette/templates/default/common_scripts.tpl
+++ b/galette/templates/default/common_scripts.tpl
@@ -1,5 +1,23 @@
         <script type="text/javascript">
+            function csrfSafeMethod(method) {
+                // these HTTP methods do not require CSRF protection
+                return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
+            }
+
             $(function(){
+                $.ajaxPrefilter(function(options, originalOptions, jqXHR){
+                    if (options.type.toLowerCase() === "post") {
+                        // initialize `data` to empty string if it does not exist
+                        options.data = options.data || "";
+
+                        // add leading ampersand if `data` is non-empty
+                        options.data += options.data?"&":"";
+
+                        // add csrf
+                        options.data += encodeURIComponent("{$csrf_name_key}") + "=" + encodeURIComponent("{$csrf_name}") + "&" + encodeURIComponent("{$csrf_value_key}") + "=" + encodeURIComponent("{$csrf_value}")
+                    }
+                });
+
                 $.datepicker.setDefaults($.datepicker.regional['{$galette_lang}']);
     {if $galette_lang eq 'en'}
                 $.datepicker.setDefaults({
diff --git a/galette/templates/default/config_fields.tpl b/galette/templates/default/config_fields.tpl
index 12849db7aa..dd51a0a38f 100644
--- a/galette/templates/default/config_fields.tpl
+++ b/galette/templates/default/config_fields.tpl
@@ -55,6 +55,7 @@
             <button type="submit" class="action">
                 <i class="fas fa-save fa-fw"></i> {_T string="Save"}
             </button>
+            {include file="forms_types/csrf.tpl"}
         </div>
     </form>
 {/block}
diff --git a/galette/templates/default/config_lists.tpl b/galette/templates/default/config_lists.tpl
index c36e0716ed..0968a6a6b4 100644
--- a/galette/templates/default/config_lists.tpl
+++ b/galette/templates/default/config_lists.tpl
@@ -57,6 +57,7 @@
                 <i class="fas fa-save fa-fw"></i> {_T string="Save"}
             </button>
         </div>
+        {include file="forms_types/csrf.tpl"}
     </form>
 {/block}
 
diff --git a/galette/templates/default/confirm_removal.tpl b/galette/templates/default/confirm_removal.tpl
index fc2157b3ec..1fff7ebe94 100644
--- a/galette/templates/default/confirm_removal.tpl
+++ b/galette/templates/default/confirm_removal.tpl
@@ -30,6 +30,7 @@
                 <input type="hidden" name="{$key}" value="{$value}"/>
                 {/if}
             {/foreach}
+            {include file="forms_types/csrf.tpl"}
         </div>
     </form>
     </div>
diff --git a/galette/templates/default/directlink.tpl b/galette/templates/default/directlink.tpl
index de22d55c36..d4efc92bf6 100644
--- a/galette/templates/default/directlink.tpl
+++ b/galette/templates/default/directlink.tpl
@@ -9,6 +9,7 @@
                     <input type="submit" name="directlink" value="{_T string="Get my document"}" />
                     <input type="hidden" name="valid" value="1"/>
                     <input type="hidden" name="hash" value="{$hash}"/>
+                    {include file="forms_types/csrf.tpl"}
                 </section>
             </form>
 {/block}
diff --git a/galette/templates/default/edit_paymenttype.tpl b/galette/templates/default/edit_paymenttype.tpl
index ec40599ae9..bc6dccf2c8 100644
--- a/galette/templates/default/edit_paymenttype.tpl
+++ b/galette/templates/default/edit_paymenttype.tpl
@@ -16,6 +16,7 @@
             </button>
             <input type="submit" name="cancel" value="{_T string="Cancel"}"/>
             <input type="hidden" name="id" id="id" value="{$ptype->id}"/>
+            {include file="forms_types/csrf.tpl"}
         </div>
      </form>
 {/block}
diff --git a/galette/templates/default/edit_title.tpl b/galette/templates/default/edit_title.tpl
index 157d8a7ebd..178b05c066 100644
--- a/galette/templates/default/edit_title.tpl
+++ b/galette/templates/default/edit_title.tpl
@@ -20,6 +20,7 @@
                 </button>
                 <input type="submit" name="cancel" value="{_T string="Cancel"}"/>
                 <input type="hidden" name="id" id="id" value="{$title->id}"/>
+                {include file="forms_types/csrf.tpl"}
             </div>
      </form>
 {/block}
diff --git a/galette/templates/default/editer_champ.tpl b/galette/templates/default/editer_champ.tpl
index 29e7a029fb..41fbeb54b0 100644
--- a/galette/templates/default/editer_champ.tpl
+++ b/galette/templates/default/editer_champ.tpl
@@ -71,6 +71,7 @@
                 <button type="submit" class="action">
                     <i class="fas fa-save fa-fw"></i> {_T string="Save"}
                 </button>
+                {include file="forms_types/csrf.tpl"}
             </div>
 
      </form>
diff --git a/galette/templates/default/editer_intitule.tpl b/galette/templates/default/editer_intitule.tpl
index 18a4ad1e2c..ef23748cfc 100644
--- a/galette/templates/default/editer_intitule.tpl
+++ b/galette/templates/default/editer_intitule.tpl
@@ -39,6 +39,7 @@
             <i class="fas fa-save"></i>
             {_T string="Save"}
         </button>
+        {include file="forms_types/csrf.tpl"}
     </div>
     </div>
 </form>
diff --git a/galette/templates/default/export.tpl b/galette/templates/default/export.tpl
index 43719b7aef..5d9e14fed6 100644
--- a/galette/templates/default/export.tpl
+++ b/galette/templates/default/export.tpl
@@ -124,6 +124,7 @@
                 </fieldset>
             <div class="button-container">
                 <input type="submit" name="valid" value="{_T string="Continue"}"/>
+                {include file="forms_types/csrf.tpl"}
             </div>
         </form>
 {/block}
diff --git a/galette/templates/default/forms_types/csrf.tpl b/galette/templates/default/forms_types/csrf.tpl
new file mode 100644
index 0000000000..c9744bdcd5
--- /dev/null
+++ b/galette/templates/default/forms_types/csrf.tpl
@@ -0,0 +1,2 @@
+<input type="hidden" name="{$csrf_name_key}" value="{$csrf_name}"/>
+<input type="hidden" name="{$csrf_value_key}" value="{$csrf_value}"/>
\ No newline at end of file
diff --git a/galette/templates/default/gestion_adherents.tpl b/galette/templates/default/gestion_adherents.tpl
index fc8ae326b8..7d67ccc136 100644
--- a/galette/templates/default/gestion_adherents.tpl
+++ b/galette/templates/default/gestion_adherents.tpl
@@ -104,6 +104,7 @@ We have to use a template file, so Smarty will do its work (like replacing varia
             </p>
             <pre id="sql_qry" class="hidden">{$filters->query}</pre>
 {/if}
+            {include file="forms_types/csrf.tpl"}
         </div>
         <div class="infoline">
             {_T string="%count member" plural="%count members" count=$nb_members pattern="/%count/" replace=$nb_members}
@@ -354,7 +355,7 @@ We have to use a template file, so Smarty will do its work (like replacing varia
     {/if}
         </ul>
 {/if}
-
+            {include file="forms_types/csrf.tpl"}
         </form>
 {if $nb_members != 0}
         <div id="legende" title="{_T string="Legend"}">
@@ -511,6 +512,7 @@ We have to use a template file, so Smarty will do its work (like replacing varia
                     }
 
                     if (this.id == 'masscontributions') {
+                        event.preventDefault();
                         $.ajax({
                             url: '{path_for name="batch-memberslist"}',
                             type: "POST",
diff --git a/galette/templates/default/gestion_contributions.tpl b/galette/templates/default/gestion_contributions.tpl
index 8e34f2a968..0064f29fb6 100644
--- a/galette/templates/default/gestion_contributions.tpl
+++ b/galette/templates/default/gestion_contributions.tpl
@@ -61,6 +61,7 @@
                 </select>
                 <noscript> <span><input type="submit" value="{_T string="Change"}" /></span></noscript>
             </div>
+            {include file="forms_types/csrf.tpl"}
         </div>
         </form>
         <form action="{path_for name="batch-contributionslist" data=["type" => "contributions"]}" method="post" id="listform">
@@ -307,6 +308,7 @@
                 <button type="submit" id="csv" name="csv">
                     <i class="fas fa-file-csv fa-fw"></i> {_T string="Export as CSV"}
                 </button>
+                {include file="forms_types/csrf.tpl"}
             </li>
         </ul>
     {/if}
diff --git a/galette/templates/default/gestion_intitules.tpl b/galette/templates/default/gestion_intitules.tpl
index 4b99a78853..17be135f71 100644
--- a/galette/templates/default/gestion_intitules.tpl
+++ b/galette/templates/default/gestion_intitules.tpl
@@ -4,6 +4,7 @@
 <form action="{path_for name="doAddEntitled" data=["class" => $url_class]}" method="post" class="tabbed">
 <div id="intitules_tabs">
     {include file="gestion_intitule_content.tpl"}
+    {include file="forms_types/csrf.tpl"}
 </div>
 </form>
 {/block}
diff --git a/galette/templates/default/gestion_mailings.tpl b/galette/templates/default/gestion_mailings.tpl
index 74ac867ec8..0ea3812603 100644
--- a/galette/templates/default/gestion_mailings.tpl
+++ b/galette/templates/default/gestion_mailings.tpl
@@ -45,6 +45,7 @@
                         {html_options options=$nbshow_options selected=$numrows}
                     </select>
                     <noscript> <span><input type="submit" value="{_T string="Change"}" /></span></noscript>
+                    {include file="forms_types/csrf.tpl"}
                 </td>
             </tr>
         </table>
diff --git a/galette/templates/default/gestion_paymentstypes.tpl b/galette/templates/default/gestion_paymentstypes.tpl
index 3c88216960..cbab043a35 100644
--- a/galette/templates/default/gestion_paymentstypes.tpl
+++ b/galette/templates/default/gestion_paymentstypes.tpl
@@ -77,6 +77,7 @@
             {/foreach}
                     </tbody>
                 </table>
+            {include file="forms_types/csrf.tpl"}
         </form>
 {/block}
 
diff --git a/galette/templates/default/gestion_pdf_content.tpl b/galette/templates/default/gestion_pdf_content.tpl
index d8956fcc9d..f13b6bed77 100644
--- a/galette/templates/default/gestion_pdf_content.tpl
+++ b/galette/templates/default/gestion_pdf_content.tpl
@@ -50,6 +50,7 @@
                 <button type="submit" class="action">
                     <i class="fas fa-save fa-fw"></i> {_T string="Save"}
                 </button>
+                {include file="forms_types/csrf.tpl"}
             </div>
         </form>
         {include file="replacements_legend.tpl" legends=$model->getLegend() cur_ref=$model->id}
\ No newline at end of file
diff --git a/galette/templates/default/gestion_textes.tpl b/galette/templates/default/gestion_textes.tpl
index 1fdde520cb..b1a8ea8d81 100644
--- a/galette/templates/default/gestion_textes.tpl
+++ b/galette/templates/default/gestion_textes.tpl
@@ -18,6 +18,7 @@
                     {/foreach}
                 </select>
                 <noscript> <span><input type="submit" value="{_T string="Change"}" /></span></noscript>
+            {include file="forms_types/csrf.tpl"}
         </form>
         </div>
 
@@ -42,6 +43,7 @@
             <button type="submit" class="action">
                 <i class="fas fa-save fa-fw"></i> {_T string="Save"}
             </button>
+            {include file="forms_types/csrf.tpl"}
         </div>
         </form>
         {include file="replacements_legend.tpl" legends=$texts->getLegend() cur_ref=$cur_ref}
diff --git a/galette/templates/default/gestion_titres.tpl b/galette/templates/default/gestion_titres.tpl
index 762e32dea2..dca09bf6af 100644
--- a/galette/templates/default/gestion_titres.tpl
+++ b/galette/templates/default/gestion_titres.tpl
@@ -74,6 +74,7 @@
             {/foreach}
                     </tbody>
                 </table>
+            {include file="forms_types/csrf.tpl"}
         </form>
 {/block}
 
diff --git a/galette/templates/default/gestion_transactions.tpl b/galette/templates/default/gestion_transactions.tpl
index 69273777eb..f4e046f8ce 100644
--- a/galette/templates/default/gestion_transactions.tpl
+++ b/galette/templates/default/gestion_transactions.tpl
@@ -37,6 +37,7 @@
                         {html_options options=$nbshow_options selected=$numrows}
                     </select>
                     <noscript> <span><input type="submit" value="{_T string="Change"}" /></span></noscript>
+                    {include file="forms_types/csrf.tpl"}
                 </td>
             </tr>
         </table>
diff --git a/galette/templates/default/group.tpl b/galette/templates/default/group.tpl
index a918089ca0..522692f50b 100644
--- a/galette/templates/default/group.tpl
+++ b/galette/templates/default/group.tpl
@@ -86,6 +86,7 @@
                 {_T string="Group PDF"}
             </a>
             <input type="hidden" name="id_group" id="id_group" value="{$group->getId()}"/>
+            {include file="forms_types/csrf.tpl"}
         </div>
         <p>{_T string="NB : The mandatory fields are in"} <span class="required">{_T string="red"}</span></p>
         </form>
diff --git a/galette/templates/default/history.tpl b/galette/templates/default/history.tpl
index f97961dc78..9fcc75c2bc 100644
--- a/galette/templates/default/history.tpl
+++ b/galette/templates/default/history.tpl
@@ -50,6 +50,7 @@
                     {html_options options=$nbshow_options selected=$numrows}
                 </select>
                 <noscript> <span><input type="submit" value="{_T string="Change"}" /></span></noscript>
+                {include file="forms_types/csrf.tpl"}
             </div>
         </div>
     </form>
diff --git a/galette/templates/default/import.tpl b/galette/templates/default/import.tpl
index 3f9f3d3514..7d473e6983 100644
--- a/galette/templates/default/import.tpl
+++ b/galette/templates/default/import.tpl
@@ -61,6 +61,7 @@
                             <i class="fas fa-file-import"></i>
                             {_T string="Import"}
                         </button>
+                        {include file="forms_types/csrf.tpl"}
                     </div>
 {else}
                     <p>{_T string="No import file actually exists."}<br/>{_T string="Use upload form below to send a new file on server, or copy it directly in the imports directory."}</p>
@@ -81,6 +82,7 @@
                             <i class="fas fa-upload" aria-hidd="true"></i>
                             {_T string="Upload file"}
                         </button>
+                        {include file="forms_types/csrf.tpl"}
                     </div>
                 </div>
             </fieldset>
diff --git a/galette/templates/default/import_model.tpl b/galette/templates/default/import_model.tpl
index 29313db488..f0b23358d9 100644
--- a/galette/templates/default/import_model.tpl
+++ b/galette/templates/default/import_model.tpl
@@ -75,6 +75,7 @@
                 <i class="fas fa-save" aria-hidden="true"></i>
                 {_T string="Store new model"}
             </button>
+            {include file="forms_types/csrf.tpl"}
         </div>
         </form>
     </div>
diff --git a/galette/templates/default/index.tpl b/galette/templates/default/index.tpl
index c032dfe89d..710a8d9869 100644
--- a/galette/templates/default/index.tpl
+++ b/galette/templates/default/index.tpl
@@ -17,6 +17,7 @@
                     </table>
                     <input type="submit" value="{_T string="Login"}" />
                     <input type="hidden" name="ident" value="1" />
+                    {include file="forms_types/csrf.tpl"}
                 </section>
                 </form>
 {/block}
diff --git a/galette/templates/default/liste_membres.tpl b/galette/templates/default/liste_membres.tpl
index e70c4cbdf4..d8d9cf4ccd 100644
--- a/galette/templates/default/liste_membres.tpl
+++ b/galette/templates/default/liste_membres.tpl
@@ -12,6 +12,7 @@
                         {html_options options=$nbshow_options selected=$numrows}
                     </select>
                     <noscript> <span><input type="submit" value="{_T string="Change"}" /></span></noscript>
+                    {include file="forms_types/csrf.tpl"}
                 </td>
             </tr>
         </table>
diff --git a/galette/templates/default/lostpasswd.tpl b/galette/templates/default/lostpasswd.tpl
index ccb455fb3d..e137d23fe1 100644
--- a/galette/templates/default/lostpasswd.tpl
+++ b/galette/templates/default/lostpasswd.tpl
@@ -8,6 +8,7 @@
                     </p>
                     <input type="submit" name="lostpasswd" value="{_T string="Recover password"}" />
                     <input type="hidden" name="valid" value="1"/>
+                    {include file="forms_types/csrf.tpl"}
                 </section>
                 </form>
 {/block}
diff --git a/galette/templates/default/mailing_adherents.tpl b/galette/templates/default/mailing_adherents.tpl
index d787c9a722..e460566492 100644
--- a/galette/templates/default/mailing_adherents.tpl
+++ b/galette/templates/default/mailing_adherents.tpl
@@ -144,7 +144,7 @@
                     </p>
                 </div>
         {/if}
-
+            {include file="forms_types/csrf.tpl"}
             </section>
         </div>
         </form>
diff --git a/galette/templates/default/mass_add_contribution.tpl b/galette/templates/default/mass_add_contribution.tpl
index 6e053518b0..88c6be4712 100644
--- a/galette/templates/default/mass_add_contribution.tpl
+++ b/galette/templates/default/mass_add_contribution.tpl
@@ -18,6 +18,7 @@
                 <input type="hidden" name="{$key}" value="{$value}"/>
                 {/if}
             {/foreach}
+            {include file="forms_types/csrf.tpl"}
         </div>
     </form>
     </div>
diff --git a/galette/templates/default/mass_change_members.tpl b/galette/templates/default/mass_change_members.tpl
index e4edf532fd..ebde247bbc 100644
--- a/galette/templates/default/mass_change_members.tpl
+++ b/galette/templates/default/mass_change_members.tpl
@@ -59,6 +59,7 @@
                 <input type="hidden" name="{$key}" value="{$value}"/>
                 {/if}
             {/foreach}
+            {include file="forms_types/csrf.tpl"}
         </div>
     </form>
     </div>
diff --git a/galette/templates/default/mass_choose_type.tpl b/galette/templates/default/mass_choose_type.tpl
index 89b131e86b..3404103cc3 100644
--- a/galette/templates/default/mass_choose_type.tpl
+++ b/galette/templates/default/mass_choose_type.tpl
@@ -27,6 +27,7 @@
                 <input type="hidden" name="{$key}" value="{$value}"/>
                 {/if}
             {/foreach}
+            {include file="forms_types/csrf.tpl"}
         </div>
     </form>
     </div>
diff --git a/galette/templates/default/member.tpl b/galette/templates/default/member.tpl
index ed5e078835..f65ab1499e 100644
--- a/galette/templates/default/member.tpl
+++ b/galette/templates/default/member.tpl
@@ -128,7 +128,7 @@
                     {/if}
                 {/if}
             {/foreach}
-
+            {include file="forms_types/csrf.tpl"}
             <a href="#" id="back2top">{_T string="Back to top"}</a>
         </div>
         </form>
diff --git a/galette/templates/default/plugin_initdb.tpl b/galette/templates/default/plugin_initdb.tpl
index c09d3cd838..f4e9803162 100644
--- a/galette/templates/default/plugin_initdb.tpl
+++ b/galette/templates/default/plugin_initdb.tpl
@@ -122,6 +122,7 @@
             <a href="{path_for name="plugins"}" class="button" id="btnback"><i class="fas fa-backward"></i> {_T string="Back to plugins managment page"}</a>
     {/if}
 {/if}
+            {include file="forms_types/csrf.tpl"}
         </p>
     </form>
     </div>
diff --git a/galette/templates/default/preferences.tpl b/galette/templates/default/preferences.tpl
index 2d7da82d5e..aea003fd84 100644
--- a/galette/templates/default/preferences.tpl
+++ b/galette/templates/default/preferences.tpl
@@ -589,6 +589,7 @@
             </button>
         </div>
         <p>{_T string="NB : The mandatory fields are in"} <span class="required">{_T string="red"}</span></p>
+        {include file="forms_types/csrf.tpl"}
         </form>
 
         {include file="telemetry.tpl" part="dialog"}
diff --git a/galette/templates/default/reminder.tpl b/galette/templates/default/reminder.tpl
index 11eeae377b..f6237ecaa3 100644
--- a/galette/templates/default/reminder.tpl
+++ b/galette/templates/default/reminder.tpl
@@ -32,6 +32,7 @@
                     <i class="fas fa-rocket" aria-hidden="true"></i>
                     {_T string="Send"}
                 </button>
+                {include file="forms_types/csrf.tpl"}
             </div>
         </form>
 {foreach from=$previews key=key item=preview}
diff --git a/galette/templates/default/saved_searches.tpl b/galette/templates/default/saved_searches.tpl
index eb0cc32a6b..97389f0175 100644
--- a/galette/templates/default/saved_searches.tpl
+++ b/galette/templates/default/saved_searches.tpl
@@ -57,6 +57,7 @@
 {/foreach}
                     </tbody>
                 </table>
+            {include file="forms_types/csrf.tpl"}
         </form>
 {/block}
 
diff --git a/galette/templates/default/traduire_libelles.tpl b/galette/templates/default/traduire_libelles.tpl
index 02833973e9..ee8e89dfc6 100644
--- a/galette/templates/default/traduire_libelles.tpl
+++ b/galette/templates/default/traduire_libelles.tpl
@@ -11,6 +11,7 @@
                             {html_options values=$orig output=$orig selected=$text_orig}
                         </select>
                         <noscript> <span><input type="submit" value="{_T string="Change"}" /></span></noscript>
+                        {include file="forms_types/csrf.tpl"}
                     </p>
                 </form>
     {/if}
@@ -37,6 +38,7 @@
                 <button type="submit" name="trans" class="action">
                     <i class="fas fa-save fa-fw"></i> {_T string="Save"}
                 </button>
+                {include file="forms_types/csrf.tpl"}
             </div>
         </form>
 {else}
diff --git a/galette/templates/default/trombinoscope.tpl b/galette/templates/default/trombinoscope.tpl
index 1b8043cf73..adac06c5f5 100644
--- a/galette/templates/default/trombinoscope.tpl
+++ b/galette/templates/default/trombinoscope.tpl
@@ -12,6 +12,7 @@
                     {html_options options=$nbshow_options selected=$numrows}
                 </select>
                 <noscript> <span><input type="submit" value="{_T string="Change"}" /></span></noscript>
+                {include file="forms_types/csrf.tpl"}
             </td>
         </tr>
     </table>