diff --git a/libresonic-main/src/main/java/org/libresonic/player/security/CsrfSecurityRequestMatcher.java b/libresonic-main/src/main/java/org/libresonic/player/security/CsrfSecurityRequestMatcher.java
new file mode 100644
index 00000000..c2b78676
--- /dev/null
+++ b/libresonic-main/src/main/java/org/libresonic/player/security/CsrfSecurityRequestMatcher.java
@@ -0,0 +1,38 @@
+package org.libresonic.player.security;
+
+import org.springframework.security.web.util.matcher.RegexRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.regex.Pattern;
+
+/**
+ * See
+ *
+ * http://blogs.sourceallies.com/2014/04/customizing-csrf-protection-in-spring-security/
+ * https://docs.spring.io/spring-security/site/docs/current/reference/html/appendix-namespace.html#nsa-csrf
+ *
+ *
+ */
+@Component
+public class CsrfSecurityRequestMatcher implements RequestMatcher {
+    private Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
+    private RegexRequestMatcher dwrRequestMatcher = new RegexRequestMatcher("/dwr/.*\\.dwr", "POST");
+
+    @Override
+    public boolean matches(HttpServletRequest request) {
+
+        boolean requireCsrfToken = true;
+
+        if(allowedMethods.matcher(request.getMethod()).matches()){
+            requireCsrfToken = false;
+        } else {
+            if (dwrRequestMatcher.matches(request)) {
+                requireCsrfToken = false;
+            }
+        }
+
+        return requireCsrfToken;
+    }
+}
\ No newline at end of file
diff --git a/libresonic-main/src/main/resources/applicationContext-security.xml b/libresonic-main/src/main/resources/applicationContext-security.xml
index 442c9c9c..d7850d46 100644
--- a/libresonic-main/src/main/resources/applicationContext-security.xml
+++ b/libresonic-main/src/main/resources/applicationContext-security.xml
@@ -9,6 +9,9 @@ + + + 
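Review bot: The DWR exemption built at `new RegexRequestMatcher("/dwr/.*\\.dwr", "POST")` takes every matching POST out of Spring's CSRF check, and RegexRequestMatcher compares the pattern against servlet path plus path info with the query string appended, so the greedy `.*` spans the query as well; `"/dwr/[^?]*\\.dwr"` keeps the match on the path only. Whether the exemption is acceptable rests on DWR's own session-bound request token (its crossDomainSessionSecurity check) remaining enabled, which nothing in this commit states or verifies, so the class Javadoc, currently just two links, should say that `matches()` returning true means a CSRF token is required and that DWR POSTs are exempted only because DWR supplies its own per-session token. Both fields are compiled once and never reassigned, so they can be `private static final`, and `allowedMethods` reads better as `csrfExemptMethods` since these are the methods that skip the check rather than the ones allowed. The nested if/else in `matches()` reduces to `return !(allowedMethods.matcher(request.getMethod()).matches() || dwrRequestMatcher.matches(request));`.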
diff --git a/libresonic-main/src/main/resources/libresonic-servlet.xml b/libresonic-main/src/main/resources/libresonic-servlet.xml
index d3d25ccf..766057d3 100644
--- a/libresonic-main/src/main/resources/libresonic-servlet.xml
+++ b/libresonic-main/src/main/resources/libresonic-servlet.xml
@@ -13,7 +13,9 @@ http://www.springframework.org/schema/mvc/spring-mvc.xsd"> - +