diff --git a/src/application/views/appointments/book_success.php b/src/application/views/appointments/book_success.php
index 90d9efbf..fb83be13 100644
--- a/src/application/views/appointments/book_success.php
+++ b/src/application/views/appointments/book_success.php
@@ -92,6 +92,7 @@
         // ------------------------------------------------------------ ?>
     <script type="text/javascript">
         var GlobalVariables = {
+            'csrfToken'         : <?php echo json_encode($this->security->get_csrf_hash()); ?>,
             'appointmentData'   : <?php echo json_encode($appointment_data); ?>,
             'providerData'      : <?php echo json_encode($provider_data); ?>,
             'serviceData'       : <?php echo json_encode($service_data); ?>,
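Review bot: The `'csrfToken'` value added to `GlobalVariables` is a snapshot taken when the view is rendered, and nothing in this hunk shows it being refreshed or sent. If the framework's CSRF setup regenerates the hash after a validated POST, a later AJAX request from a long-lived page would carry a stale value and be rejected. The same applies to the identical line added in calendar.php, customers.php, services.php, settings.php and users.php, whose request code is outside this diff. A comment next to the property would record the assumption, e.g. `// Rendered once per page load; refresh from the server response if the hash is regenerated.` The `GlobalVariables` object continues past the end of the hunk.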
diff --git a/src/application/views/backend/calendar.php b/src/application/views/backend/calendar.php
index 716985c0..19ad1017 100644
--- a/src/application/views/backend/calendar.php
+++ b/src/application/views/backend/calendar.php
@@ -12,6 +12,7 @@
         
 <script type="text/javascript">    
     var GlobalVariables = {
+        'csrfToken'             : <?php echo json_encode($this->security->get_csrf_hash()); ?>,
         'availableProviders'    : <?php echo json_encode($available_providers); ?>,
         'availableServices'     : <?php echo json_encode($available_services); ?>,
         'baseUrl'               : <?php echo '"' . $base_url . '"'; ?>,
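Review bot: The `baseUrl` line at the end of this hunk still builds a JavaScript string by hand with `'"' . $base_url . '"'`, while the new `csrfToken` line uses `json_encode`. A quote, backslash or `</script>` in that value would end the hand-built literal. Writing it as `'baseUrl'               : <?php echo json_encode($base_url); ?>,` puts every property of the object on the same encoding path. The same hand-quoted `baseUrl` appears as context in customers.php, services.php, settings.php (alongside `userSlug`), users.php, installation.php and forgot_password.php. Whether `$base_url` can ever carry such characters depends on configuration not shown here.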
diff --git a/src/application/views/backend/customers.php b/src/application/views/backend/customers.php
index b11e23e1..866893c1 100644
--- a/src/application/views/backend/customers.php
+++ b/src/application/views/backend/customers.php
@@ -6,6 +6,7 @@
         
 <script type="text/javascript">    
     var GlobalVariables = {
+        'csrfToken': <?php echo json_encode($this->security->get_csrf_hash()); ?>,
         'availableProviders': <?php echo json_encode($available_providers); ?>,
         'availableServices': <?php echo json_encode($available_services); ?>,
         'baseUrl': <?php echo '"' . $base_url . '"'; ?>,
diff --git a/src/application/views/backend/services.php b/src/application/views/backend/services.php
index 463cc1c2..8fb59463 100644
--- a/src/application/views/backend/services.php
+++ b/src/application/views/backend/services.php
@@ -3,6 +3,7 @@
         
 <script type="text/javascript">    
     var GlobalVariables = {
+        'csrfToken': <?php echo json_encode($this->security->get_csrf_hash()); ?>,
         'baseUrl': <?php echo '"' . $base_url . '"'; ?>,
         'services': <?php echo json_encode($services); ?>,
         'categories': <?php echo json_encode($categories); ?>,
diff --git a/src/application/views/backend/settings.php b/src/application/views/backend/settings.php
index 5fc210e8..df23df89 100644
--- a/src/application/views/backend/settings.php
+++ b/src/application/views/backend/settings.php
@@ -9,6 +9,7 @@
         
 <script type="text/javascript">    
     var GlobalVariables = {
+        'csrfToken': <?php echo json_encode($this->security->get_csrf_hash()); ?>,
         'baseUrl': <?php echo '"' . $base_url . '"'; ?>,
         'userSlug': <?php echo '"' . $role_slug . '"'; ?>,
         'settings': {
diff --git a/src/application/views/backend/users.php b/src/application/views/backend/users.php
index f0b75c6f..0e5350bb 100644
--- a/src/application/views/backend/users.php
+++ b/src/application/views/backend/users.php
@@ -18,6 +18,7 @@
         
 <script type="text/javascript">    
     var GlobalVariables = {
+        'csrfToken': <?php echo json_encode($this->security->get_csrf_hash()); ?>,
         'baseUrl': <?php echo '"' . $base_url . '"'; ?>,
         'admins': <?php echo json_encode($admins); ?>,
         'providers': <?php echo json_encode($providers); ?>,
diff --git a/src/application/views/general/installation.php b/src/application/views/general/installation.php
index 2f872568..b7784dee 100644
--- a/src/application/views/general/installation.php
+++ b/src/application/views/general/installation.php
@@ -34,6 +34,7 @@
     
     <script type="text/javascript">
 	    var GlobalVariables = {
+            'csrfToken': <?php echo json_encode($this->security->get_csrf_hash()); ?>,
             'baseUrl': <?php echo '"' . $base_url . '"'; ?>
         };
 
@@ -60,6 +61,7 @@
         
                 var postUrl = GlobalVariables.baseUrl + '/index.php/appointments/ajax_install';
                 var postData = {
+                    'csrfToken': GlobalVariables.csrfToken,
                     'admin': JSON.stringify(getAdminData()),
                     'company': JSON.stringify(getCompanyData())
                 };
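Review bot: The `'csrfToken'` key added to `postData` has to be repeated by hand in every request object, and its name must equal the framework's configured `csrf_token_name`, which this diff does not show. A mismatch fails closed, but a call that is missed is left either rejected or unprotected, depending on whether its endpoint is excluded from the check. Consider attaching the field in one shared place that extends the request data with `GlobalVariables.csrfToken`, and add the comment `// Field name must match csrf_token_name in the application config.` The same hand-added key appears in the second hunks of forgot_password.php and login.php.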
diff --git a/src/application/views/user/forgot_password.php b/src/application/views/user/forgot_password.php
index 511a448e..3049da62 100644
--- a/src/application/views/user/forgot_password.php
+++ b/src/application/views/user/forgot_password.php
@@ -60,6 +60,7 @@
     <script type="text/javascript">
         $(document).ready(function() {
             var GlobalVariables = {
+                'csrfToken': <?php echo json_encode($this->security->get_csrf_hash()); ?>,
                 'baseUrl': <?php echo '"' . $base_url . '"'; ?>,
                 'AJAX_SUCCESS': 'SUCCESS',
                 'AJAX_FAILURE': 'FAILURE'
@@ -78,6 +79,7 @@
                 
                 var postUrl = GlobalVariables.baseUrl + '/index.php/user/ajax_forgot_password';
                 var postData = {
+                    'csrfToken': GlobalVariables.csrfToken,
                     'username': $('#username').val(),
                     'email': $('#email').val()
                 };
diff --git a/src/application/views/user/login.php b/src/application/views/user/login.php
index f3467507..1ad4be3e 100644
--- a/src/application/views/user/login.php
+++ b/src/application/views/user/login.php
@@ -64,6 +64,7 @@
     
     <script type="text/javascript">
         var GlobalVariables = {
+            'csrfToken': <?php echo json_encode($this->security->get_csrf_hash()); ?>,
             'baseUrl': <?php echo '"' . $base_url . '"'; ?>,
             'destUrl': <?php echo '"' . $dest_url . '"'; ?>,
             'AJAX_SUCCESS': 'SUCCESS',
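Review bot: `destUrl`, two lines below the new token, is emitted as `'"' . $dest_url . '"'` with no encoding, and on a login page it is presumably the post-login redirect target. If the request can influence it (its source is outside this hunk), a quote or `</script>` in it breaks out of the string literal, in the same script block that now holds the CSRF token. `'destUrl': <?php echo json_encode($dest_url); ?>,` closes that. The redirect target should also be checked against the application's own origin before it is used.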
@@ -87,6 +88,7 @@
                 
                 var postUrl = GlobalVariables.baseUrl + '/index.php/user/ajax_check_login';
                 var postData = {
+                    'csrfToken': GlobalVariables.csrfToken,
                     'username': $('#username').val(),
                     'password': $('#password').val()
                 };