diff --git a/app/cmd/routes.go b/app/cmd/routes.go
index 49bd7bfd3..b73c9c09c 100644
--- a/app/cmd/routes.go
+++ b/app/cmd/routes.go
@@ -34,6 +34,7 @@ func routes(r *web.Engine) *web.Engine {
 	})
 	r.Use(middlewares.Secure())
+	r.Use(middlewares.CSRF())
 	r.Use(middlewares.Compress())
 	assets := r.Group()
diff --git a/app/middlewares/security.go b/app/middlewares/security.go
index 6cfdc3342..c48216809 100644
--- a/app/middlewares/security.go
+++ b/app/middlewares/security.go
@@ -28,3 +28,16 @@ func Secure() web.MiddlewareFunc {
 		}
 	}
 }
+
+// Secure middleware is responsible for blocking CSRF attacks
+func CSRF() web.MiddlewareFunc {
+	return func(next web.HandlerFunc) web.HandlerFunc {
+		return func(c *web.Context) error {
+			var isWriteRequest = c.Request.Method == "POST" || c.Request.Method == "PUT" || c.Request.Method == "DELETE"
+			if isWriteRequest && !c.IsAjax() {
+				return c.Forbidden()
+			}
+			return next(c)
+		}
+	}
+}
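Review bot: The method denylist on the `var isWriteRequest` line lets a PATCH request (or any other method not in the list) bypass the check entirely, so a state-changing handler reachable via PATCH gets no CSRF protection at all; allowlist the safe methods instead so that anything other than GET/HEAD/OPTIONS must carry the AJAX marker. The whole defence also rests on `c.IsAjax()`, whose implementation is not in this diff — if it only tests for the presence of a custom header such as `X-Requested-With`, that is sound only while the server's CORS policy never reflects arbitrary origins, so the assumption should be recorded in the function comment (or backed by an additional `Origin`/`Referer` host comparison). The doc comment is a copy of Secure's and names the wrong middleware; replace it with `// CSRF middleware rejects state-changing requests that do not carry the AJAX marker, blocking cross-site request forgery.` If net/http is imported in this file, `http.MethodGet` and friends would be preferable to the string literals.
```go
return func(c *web.Context) error {
	switch c.Request.Method {
	case "GET", "HEAD", "OPTIONS":
		// Safe methods must not change state; every other method needs the AJAX marker.
		return next(c)
	}
	if !c.IsAjax() {
		return c.Forbidden()
	}
	return next(c)
}
```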