diff --git a/web/file_manager/fm_api.php b/web/file_manager/fm_api.php
index cf4eef82a..4a4dd9ec7 100644
--- a/web/file_manager/fm_api.php
+++ b/web/file_manager/fm_api.php
@@ -2,6 +2,17 @@
 // Init
 //error_reporting(NULL);
+// Preventing CSRF
+if ($_SERVER['REQUEST_METHOD']=='POST') {
+ $host_arr=explode(":", $_SERVER['HTTP_HOST']);
+ $hostname=$host_arr[0];
+ $port = $_SERVER['SERVER_PORT'];
+ $expected_http_origin="https://".$hostname.":".$port;
+ if ($_SERVER['HTTP_ORIGIN'] != $expected_http_origin) {
+ die ("Nope.");
+ }
+}
+
 header('Content-Type: application/json');
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
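Review bot: The expected origin built on the `$expected_http_origin=...` line always appends `:`.`$port`, but browsers omit the default port from the Origin header, so a legitimate POST over standard HTTPS arrives as `Origin: https://host` and is rejected; the scheme is likewise hard-coded to `https://` even when the request came in over plain HTTP. The comparison also uses loose `!=`, and a request with no Origin header raises an undefined-index notice before it is (correctly) refused. Because the `die("Nope.")` runs before the `header('Content-Type: application/json')` line, the refusal goes out as a 200 plain-text body; sending `http_response_code(403)` first gives API clients an unambiguous signal. The sketch below derives scheme and port from the request, drops the default port, uses strict comparison, and tolerates a missing Origin by treating it as empty.

```php
// Preventing CSRF: the Origin of a state-changing request must match this host.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $scheme   = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
    $hostname = explode(':', $_SERVER['HTTP_HOST'] ?? '')[0];
    $port     = (int) ($_SERVER['SERVER_PORT'] ?? 0);
    // Browsers omit the default port from Origin, so only append a non-default one.
    $isDefaultPort = ($scheme === 'https' && $port === 443) || ($scheme === 'http' && $port === 80);
    $expected_http_origin = $scheme . '://' . $hostname . ($isDefaultPort ? '' : ':' . $port);
    if (($_SERVER['HTTP_ORIGIN'] ?? '') !== $expected_http_origin) {
        http_response_code(403);
        die("Nope.");
    }
}
// … unchanged: Content-Type header and include of inc/main.php …
```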