diff --git a/airsonic-main/src/main/java/org/airsonic/player/security/CsrfSecurityRequestMatcher.java b/airsonic-main/src/main/java/org/airsonic/player/security/CsrfSecurityRequestMatcher.java
index 262b1307..8a624c6f 100644
--- a/airsonic-main/src/main/java/org/airsonic/player/security/CsrfSecurityRequestMatcher.java
+++ b/airsonic-main/src/main/java/org/airsonic/player/security/CsrfSecurityRequestMatcher.java
@@ -6,6 +6,8 @@ import org.springframework.stereotype.Component;
 import javax.servlet.http.HttpServletRequest;
+import java.util.ArrayList;
+import java.util.Collection;
 import java.util.regex.Pattern;
 /**
@@ -19,24 +21,23 @@ import java.util.regex.Pattern;
 @Component
 public class CsrfSecurityRequestMatcher implements RequestMatcher {
 private Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
- private RegexRequestMatcher dwrRequestMatcher = new RegexRequestMatcher("/dwr/.*\\.dwr", "POST");
- private RegexRequestMatcher restRequestMatcher = new RegexRequestMatcher("/rest/.*\\.view(\\?.*)?", "POST");
+ private Collection whiteListedMatchers;
+
+ public CsrfSecurityRequestMatcher() {
+ Collection whiteListedMatchers = new ArrayList<>();
+ whiteListedMatchers.add(new RegexRequestMatcher("/dwr/.*\\.dwr", "POST"));
+ whiteListedMatchers.add(new RegexRequestMatcher("/rest/.*\\.view(\\?.*)?", "POST"));
+ whiteListedMatchers.add(new RegexRequestMatcher("/search(?:\\.view)?", "POST"));
+ this.whiteListedMatchers = whiteListedMatchers;
+ }
 @Override
 public boolean matches(HttpServletRequest request) {
- boolean requireCsrfToken = true;
-
- if(allowedMethods.matcher(request.getMethod()).matches()){
- requireCsrfToken = false;
- } else {
- if (dwrRequestMatcher.matches(request)) {
- requireCsrfToken = false;
- } else if (restRequestMatcher.matches(request)) {
- requireCsrfToken = false;
- }
- }
+ boolean skipCSRF =
+ allowedMethods.matcher(request.getMethod()).matches() ||
+ whiteListedMatchers.stream().anyMatch(matcher -> matcher.matches(request));
- return requireCsrfToken;
+ return !skipCSRF;
 }
 }
\ No newline at end of file
diff --git a/airsonic-main/src/main/webapp/WEB-INF/jsp/top.jsp b/airsonic-main/src/main/webapp/WEB-INF/jsp/top.jsp
index 2b2d4980..79629551 100644
--- a/airsonic-main/src/main/webapp/WEB-INF/jsp/top.jsp
+++ b/airsonic-main/src/main/webapp/WEB-INF/jsp/top.jsp
@@ -125,7 +125,6 @@
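Review bot: The new `"/search(?:\\.view)?"` matcher in the constructor omits the optional query-string suffix that the `/rest/` matcher on the line above carries as `(\\?.*)?`; RegexRequestMatcher matches against the servlet path with `?query` appended when one is present, so a search POST sent with a query string would still require the token while a bare `/search.view` would not, which looks unintended — `"/search(?:\\.view)?(\\?.*)?"` would make the two consistent. Every entry in this list is a deliberate hole in CSRF protection, and nothing in the hunk records why search needs one (presumably the search form in top.jsp, also touched by this commit, posts without a token); a comment such as `// search form in top.jsp posts without a CSRF token; this endpoint must stay free of state-changing side effects` would keep that invariant visible to the next maintainer. The field is rendered here as a raw `Collection`; if the type argument was genuinely omitted rather than lost in extraction, `matcher.matches(request)` resolves against `Object` and will not compile, and in either case `private final Collection<RequestMatcher> whiteListedMatchers;` with a constructor-local that does not shadow the field name reads more clearly. `skipCSRF` should be `skipCsrf` by Java acronym casing.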
- " alt="${search}" title="${search}">