diff --git a/web/inc/secure_login.php b/web/inc/secure_login.php
index 55b17e55..34b02695 100644
--- a/web/inc/secure_login.php
+++ b/web/inc/secure_login.php
@@ -49,3 +49,16 @@ if ($skip_login_url_check==0) {
 }
 }
 }
+
+// Preventing all CSRF
+if ($skip_login_url_check==0) {
+ if ($_SERVER['REQUEST_METHOD']=='POST') {
+ $host_arr=explode(":", $_SERVER['HTTP_HOST']);
+ $hostname=$host_arr[0];
+ $port = $_SERVER['SERVER_PORT'];
+ $expected_http_origin="https://".$hostname.":".$port;
+ if ($_SERVER['HTTP_ORIGIN'] != $expected_http_origin) {
+ die ("Nope.");
+ }
+ }
+}
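Review bot: The expected origin built on the `$expected_http_origin=` line always appends `:$port`, but browsers omit the default port from the `Origin` header, so on a standard port-443 deployment every POST compares `https://host:443` against `https://host` and dies; the hard-coded `https://` scheme likewise rejects every POST when the page is served over plain HTTP. The comparison also uses loose `!=` against `$_SERVER['HTTP_ORIGIN']`, which is undefined for non-browser clients (PHP notice, then `null != ...` → die), and `explode(":", $_SERVER['HTTP_HOST'])` mangles IPv6 literal hosts. Since `HTTP_HOST` is itself client-supplied, checking the Origin against a server-side configured allow-list would be stronger than deriving it from the request; the rewrite below keeps the Host-based approach but fixes the port, scheme, absence and strict-comparison issues. Behind a TLS-terminating proxy `SERVER_PORT`/`HTTPS` presumably do not reflect the public origin — in that setup the expected origin should come from configuration rather than `$_SERVER`.
```php
// Preventing all CSRF: a state-changing POST must carry an Origin matching this site
if ($skip_login_url_check==0) {
    if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
        $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
        // Strip an explicit ":port" suffix without breaking IPv6 literals such as [::1]
        $hostname = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST'] ?? '');
        $port = (int) ($_SERVER['SERVER_PORT'] ?? 0);
        $default_port = ($scheme === 'https') ? 443 : 80;
        // Browsers omit the default port from Origin, so only append a non-default one
        $expected_http_origin = $scheme . '://' . $hostname . ($port === $default_port ? '' : ':' . $port);
        $origin = $_SERVER['HTTP_ORIGIN'] ?? '';
        if ($origin === '' || $origin !== $expected_http_origin) {
            die ("Nope.");
        }
    }
}
```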