--- a/server/src/metaeducation/urls.py Mon Jul 25 12:13:27 2016 +0200
+++ b/server/src/metaeducation/urls.py Mon Jul 25 14:15:07 2016 +0200
@@ -18,8 +18,10 @@
from django.contrib.admin.views.decorators import staff_member_required
from django.contrib.staticfiles.urls import staticfiles_urlpatterns
from django.core.urlresolvers import reverse_lazy
+from django.views.decorators.csrf import requires_csrf_token
from django.views.generic import RedirectView
+
from .views import ListRenkansView, NewRenkanView, EditRenkanView, ViewRenkanView, DeleteRenkanView, UITrackingView, UITrackingViewClose
@@ -30,8 +32,8 @@
url(r'^accounts/', include('allauth.urls')),
url(r'^front/list/$', staff_member_required(ListRenkansView.as_view()), name='front_list_renkans'),
url(r'^front/new/$', NewRenkanView.as_view(), name='front_new_renkan'),
- url(r'^front/edit/(?P<renkan_guid>[\w-]+)/$', EditRenkanView.as_view(), name='front_edit_renkan'),
- url(r'^front/view/(?P<renkan_guid>[\w-]+)/$', ViewRenkanView.as_view(), name='front_view_renkan'),
+ url(r'^front/edit/(?P<renkan_guid>[\w-]+)/$', requires_csrf_token(EditRenkanView.as_view()), name='front_edit_renkan'),
+ url(r'^front/view/(?P<renkan_guid>[\w-]+)/$', requires_csrf_token(ViewRenkanView.as_view()), name='front_view_renkan'),
url(r'^tracking/$', UITrackingView.as_view(), name='tracking_view'),
url(r'^tracking/close/$', UITrackingViewClose.as_view(), name='tracking_view_close'),
url(r'^front/delete/$', staff_member_required(DeleteRenkanView.as_view()), name='front_delete_renkan')
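Review bot: On the `front_edit_renkan` and `front_view_renkan` routes, `requires_csrf_token` enforces nothing: it only makes the `{% csrf_token %}` tag work and never rejects a request with a missing or invalid token. If the aim is to block forged state-changing requests to the edit view, wrap it in `csrf_protect(EditRenkanView.as_view())`, or confirm that `CsrfViewMiddleware` is enabled in settings, which this diff does not show. If the aim is to make sure the client-side editor always receives the cookie, `ensure_csrf_cookie` is the decorator that guarantees it. A one-line comment above the two routes would record the intent, e.g. `# requires_csrf_token only exposes the token to the template; enforcement is done by <middleware/decorator>`. Separately, the edit route has no access-control wrapper here, unlike the list and delete routes with `staff_member_required`; presumably the view checks permissions itself, but that is worth confirming since the view code and the rest of the urlpatterns list are outside this hunk.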