diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c893722..5cb2319 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,7 +1,7 @@
require 'noosfero/multi_tenancy'
class ApplicationController < ActionController::Base
- #protect_from_forgery
+ protect_from_forgery
before_filter :detect_stuff_by_domain
before_filter :init_noosfero_plugins
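Review bot: The bare `protect_from_forgery` call leaves the failure behaviour to the framework default, which on the Rails versions that still use `before_filter` is usually to reset or null the session and let the request continue rather than reject it. A state-changing action that does not require a logged-in user would then still run for a forged request. If the Rails version in use supports it, make the strategy explicit, e.g. `protect_from_forgery with: :exception`; otherwise add a comment stating which behaviour is relied on. Turning the check on also affects every non-GET endpoint in subclasses and plugins, so any that legitimately take token-less requests (API or webhook style controllers) need an explicit, narrowly scoped opt-out, not a global one. The class body continues outside this hunk.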
@@ -106,8 +106,7 @@ class ApplicationController < ActionController::Base
protected
def verified_request?
- true
- #super || valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN'])
+ super || form_authenticity_token == request.headers['X-XSRF-TOKEN']
end
def boxes_editor?
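Review bot: The header fallback in `verified_request?` compares the token with `==`, which is not a constant-time comparison. On Rails versions that mask the CSRF token per request, `form_authenticity_token` returns a different value on each call, so this equality would never match. Where the framework provides it, `super || valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN'])` (the form in the removed commented-out line) handles both concerns; otherwise use a constant-time compare such as `Rack::Utils.secure_compare` and guard against a missing header. The same commit removes the `jQuery.ajaxSetup` block in `application.js` that sent `X-XSRF-TOKEN`, so nothing visible in this diff sets the header any more. Confirm that another client still sends it, or drop the fallback. Removing that block also drops `cache: false` for AJAX requests, which looks unrelated to CSRF and may be unintended.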
diff --git a/public/javascripts/application.js b/public/javascripts/application.js
index 1d310b7..b957b48 100644
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -568,12 +568,6 @@ function userDataCallback(data) {
// logged in
jQuery('head').append('');
jQuery('head').append('');
- jQuery.ajaxSetup({
- cache: false,
- headers: {
- 'X-XSRF-TOKEN': jQuery.cookie("_noosfero_.XSRF-TOKEN")
- }
- });
}
if (data.notice) {
display_notice(data.notice);
--
libgit2 0.21.2