diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 57a3c2a7424a7e24617c979204e84d0176677474..a5627e57b7e0cd2655d27d30d2b1981a9dfe39e7 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -17,6 +17,7 @@ dev_deploy:
     - rsync -rav -e ssh --exclude='.git/' --exclude='.gitlab-ci.yml' --delete-excluded ./ amivburger@login.ee.ethz.ch:~/app_tmp
     - ssh -p22 amivburger@login.ee.ethz.ch "cp ~/app/app/config.py ~/app_tmp/app/"
     - ssh -p22 amivburger@login.ee.ethz.ch "mv ~/app ~/app_old && mv ~/app_tmp ~/app && chmod -R 700 ~/app"
+    - ssh -p22 amivburger@login.ee.ethz.ch "pip install -r ~/app/requirements.txt"
     - ssh -p22 amivburger@login.ee.ethz.ch "touch ~/app-touch-reload.gg"
     - ssh -p22 amivburger@login.ee.ethz.ch "rm -rf ~/app_old"
   environment:
diff --git a/app/__init__.py b/app/__init__.py
index dffa8452be35a65ae241c82e8386a9c08ee74c13..c1c41d111fa80d33bb998a82c0269b63171bb16c 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -1,4 +1,5 @@
 from flask import Flask, g, session
+from flask_wtf.csrf import CSRFProtect
 from .models import db
 from nethz.ldap import AuthenticatedLdap
 
@@ -11,6 +12,9 @@ app.secret_key = app.config['SECRET_KEY']
 ldap_connector = AuthenticatedLdap(app.config['LDAP_USERNAME'],
                                      app.config['LDAP_PASSWORD'])
 
+# Initialize CSRFProtect extension
+csrf = CSRFProtect(app)
+
 # Bind SQLAlchemy to Flask app
 db.init_app(app)
 
diff --git a/app/templates/creator.html b/app/templates/creator.html
index 07a756547c63217ce9049d2b9daa4f724c87572d..d94723723aee769bffb299266511d879cd4d8387 100644
--- a/app/templates/creator.html
+++ b/app/templates/creator.html
@@ -125,6 +125,7 @@
                 <input class="form-control" id="input_name" name="name" type="text" placeholder="Give your burger a name">
                 <input class="form-control" id="input_description" name="description" type="text" placeholder="Describe your burger"> <br/>
                 <input class="btn btn-primary" type="submit" value="Create Burger">
+                <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
             </div>
         </section>
     </div>
diff --git a/app/templates/vote.html b/app/templates/vote.html
index 4659f2a58047a1a3d5b03d36135032923e362e06..2e79231a5737311aa68378dc9ba6d5790db624ca 100644
--- a/app/templates/vote.html
+++ b/app/templates/vote.html
@@ -64,13 +64,17 @@
                     <h4 class="text-secondary mb-3">{{ burger.vote_count }} Votes</h4>
                     <form action="/vote" method="POST">
                         {% if not burger.vote_id %}
-                        <button class="btn btn-primary" type="submit">
-                            <img src="static/images/like.png" alt="Like"> Like
-                        </button>
-                        <input type="hidden" name="action" value="like"> {% else %}
-                        <button class="btn btn-muted" type="submit">Unlike</button>
-                        <input type="hidden" name="action" value="unlike"> {% endif %}
+                            <button class="btn btn-primary" type="submit">
+                                <img src="static/images/like.png" alt="Like"> Like
+                            </button>
+                            <input type="hidden" name="action" value="like">
+                            <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
+                        {% else %}
+                            <button class="btn btn-muted" type="submit">Unlike</button>
+                            <input type="hidden" name="action" value="unlike">
+                        {% endif %}
                         <input type="hidden" name="burger_id" value="{{ burger.id }}">
+                        <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
                     </form>
                 </div>
             </div>
diff --git a/requirements.txt b/requirements.txt
index 26f8f6aac4d63dfa4ca1df113f5ec9d664fc5bd8..e82c8779f0d465d778b8b071ae98ebf8a63735ce 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,6 +4,7 @@ Flask==0.12.2
 Flask-Login==0.4.1
 Flask-SQLAlchemy==2.3.2
 Flask-Webpack==0.1.0
+Flask-WTF==0.14.2
 isort==4.3.4
 itsdangerous==0.24
 Jinja2==2.10
@@ -11,6 +12,7 @@ lazy-object-proxy==1.3.1
 ldap3==2.4.1
 MarkupSafe==1.0
 mccabe==0.6.1
+-e git+https://github.com/NotSpecial/nethz.git@1d3004081c3618f1f41463476a847b0bddd6d91a#egg=nethz
 pyasn1==0.4.2
 pyldap==2.4.45
 pylint==1.8.2
@@ -19,4 +21,4 @@ six==1.11.0
 SQLAlchemy==1.2.3
 Werkzeug==0.14.1
 wrapt==1.10.11
--e git+https://github.com/NotSpecial/nethz.git#egg=nethz
+WTForms==2.1