diff --git a/app/controllers/management/base_controller.rb b/app/controllers/management/base_controller.rb
index a5a6ed593..6d4070e09 100644
--- a/app/controllers/management/base_controller.rb
+++ b/app/controllers/management/base_controller.rb
@@ -2,6 +2,7 @@ class Management::BaseController < ActionController::Base
   include GlobalizeFallbacks
   layout "management"
   default_form_builder ConsulFormBuilder
+  protect_from_forgery with: :exception
 
   before_action :verify_manager
   before_action :set_locale
diff --git a/app/controllers/management/sessions_controller.rb b/app/controllers/management/sessions_controller.rb
index 84d9d1265..d2fdfe3eb 100644
--- a/app/controllers/management/sessions_controller.rb
+++ b/app/controllers/management/sessions_controller.rb
@@ -4,6 +4,7 @@ class Management::SessionsController < ActionController::Base
   include GlobalizeFallbacks
   include AccessDeniedHandler
   default_form_builder ConsulFormBuilder
+  protect_from_forgery with: :exception
 
   def create
     destroy_session