diff --git a/application/modules/courses/views/scripts/view/index.phtml b/application/modules/courses/views/scripts/view/index.phtml
index 403de4a9bd030c7d99809581b148ea0ac48fc275..b6ff02e8661ee86417cf877528d730d0fc2d2aaf 100644
--- a/application/modules/courses/views/scripts/view/index.phtml
+++ b/application/modules/courses/views/scripts/view/index.phtml
@@ -167,6 +167,7 @@ $this->layout()->breadcrumbs = array($breadcrumb . ': ' . $this->course->getCour
 <?php if ($this->action) { ?>
 <form id="decisionForm" action="<?php echo $this->baseUrl(); ?>/requests/index/decide.post">
+    <?php echo $this->formHidden('xsrfToken', Unl_XsrfToken::getInstance()->create()); ?>
     Action: <?php echo $this->action->getName(); ?><br />
     <?php echo $this->formHidden('returnUrl', '/courses/view/index/id/' . $this->request->getId()); ?>
     <?php echo $this->formSelect('decisions[' . $this->request->getId() . ']', $this->selectedDecision, null, array('_null' => $this->defaultDecision) + $this->action->getResultStatusStrings($this->user)); ?>
diff --git a/application/modules/requests/controllers/IndexController.php b/application/modules/requests/controllers/IndexController.php
index 97adc9047ab96e2f19cde3a242889a4dcc7eb7cb..d46f2b56c9101695ae2158d38c78f81b0c1407bb 100644
--- a/application/modules/requests/controllers/IndexController.php
+++ b/application/modules/requests/controllers/IndexController.php
@@ -239,11 +239,19 @@ class Requests_IndexController extends App_Controller_Action
             }
         }
     }
+
+        $this->view->xsrfToken = Unl_XsrfToken::getInstance()->create();
     }
 
     public function decidePostAction()
     {
         $in = $this->getRequest()->getParams();
+
+        if (!Unl_XsrfToken::getInstance()->verify($in['xsrfToken'])) {
+            throw new Zend_Exception('Invalid XSRF Token! Please go back click the Refresh button while holding Shift.');
+        }
+
+        exit;
         $requestDecisions = array();
         foreach ($in['decisions'] as $requestId => $decision) {
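Review bot: The form this token is added to, `<form id="decisionForm" action="...decide.post">` on the context line just above the addition, has no `method="post"`, so the browser submits it with GET and the xsrfToken together with the decision end up in the query string, where they are exposed in server logs, browser history and Referer headers; add `method="post"` to that form, matching the two decide.post forms in requests/views/scripts/index/index.phtml. The token is also minted inline in the view with `Unl_XsrfToken::getInstance()->create()` while the requests view receives it from its controller as `$this->xsrfToken`; for consistency, presumably the courses view action should assign `$this->view->xsrfToken` and this line echo `$this->formHidden('xsrfToken', $this->xsrfToken)`. The enclosing `if ($this->action)` block ends outside the hunk.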
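Review bot: The added `exit;` directly after the token check ends decidePostAction before `$requestDecisions = array();`, so every submission with a valid token is dropped with an empty response and nothing below it can run; this reads as a debugging leftover and should be removed before merge. Separately, `$in['xsrfToken']` is indexed without checking it exists, so a request that omits the field raises an undefined-index notice before verify() is reached; pass `isset($in['xsrfToken']) ? $in['xsrfToken'] : null` so a missing token fails closed through verify() rather than through a notice (assuming verify() rejects null — worth confirming). Throwing a bare `Zend_Exception` also makes this indistinguishable from any other error for the error handler; a dedicated exception class or an explicit 403 response would let the failure be handled and logged on its own. The body of decidePostAction continues past the hunk, and the method that sets `$this->view->xsrfToken` starts before it.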
diff --git a/application/modules/requests/views/scripts/index/index.phtml b/application/modules/requests/views/scripts/index/index.phtml
index a38e2504c0be7c187f9445dea8edd3d76bd43416..7a56ca934942d9f809df16c9ad18779ca4c256f8 100644
--- a/application/modules/requests/views/scripts/index/index.phtml
+++ b/application/modules/requests/views/scripts/index/index.phtml
@@ -110,6 +110,7 @@
     </div>
     <div class="content">
         <form action="<?php echo $this->baseUrl(); ?>/requests/index/decide.post" method="post">
+            <?php echo $this->formHidden('xsrfToken', $this->xsrfToken); ?>
             <?php if(count($this->userRequests) == 0) { ?>
                 <h2>You currently have no requests.</h2>
             <?php } else { ?>
@@ -269,6 +270,7 @@ foreach($this->roles as $roleData) {
     <?php } ?>
     <form action="<?php echo $this->baseUrl(); ?>/requests/index/decide.post" method="post">
+        <?php echo $this->formHidden('xsrfToken', $this->xsrfToken); ?>
         <div class="setAllDecisions">
             <?php echo $this->formSubmit('submit', 'Submit Decisions'); ?>
         </div>