diff --git a/engine/Core.php b/engine/Core.php
index 256a52b6..008efe08 100644
--- a/engine/Core.php
+++ b/engine/Core.php
@@ -179,6 +179,7 @@ private function serve_controller() {
 }
 if (method_exists($this->current_controller, $this->current_method)) {
+ $this->csrf_protect();
 $target_method = $this->current_method;
 $this->current_controller = new $this->current_controller($this->current_module);
 $this->current_controller->$target_method($this->current_value);
@@ -187,6 +188,26 @@ private function serve_controller() {
 }
 }
+ private function csrf_protect() {
+ if (isset($_POST['submit'])) {
+ //make sure they have posted csrf_token
+ if (!isset($_POST['csrf_token'])) {
+ $this->csrf_block_request();
+ } else {
+ $result = password_verify(session_id(), $_POST['csrf_token']);
+ if ($result == false) {
+ $this->csrf_block_request();
+ }
+
+ unset($_POST['csrf_token']);
+ }
+ }
+ }
+
+ private function csrf_block_request() {
+ redirect(BASE_URL);
+ }
+
 private function attempt_init_child_controller($controller_path) {
 $bits = explode('-', $this->current_controller);
diff --git a/engine/license.txt b/engine/license.txt
index 5debc95d..f7974295 100644
--- a/engine/license.txt
+++ b/engine/license.txt
@@ -3,7 +3,7 @@
 *
 * An open source PHP framework for web developers who like to break the rules
 *
- * Version: 1.3.3029
+ * Version: 1.3.3030
 *
 * This product is released under the MIT License (MIT)
 *
diff --git a/engine/tg_helpers/form_helper.php b/engine/tg_helpers/form_helper.php
index be6584f9..28194b93 100644
--- a/engine/tg_helpers/form_helper.php
+++ b/engine/tg_helpers/form_helper.php
@@ -34,6 +34,11 @@ function form_open_upload($location, $attributes=NULL, $additional_code=NULL) {
 }
 function form_close() {
+ $csrf_token = password_hash(session_id(), PASSWORD_BCRYPT, array(
+ 'cost' => 11
+ ));
+
+ echo form_hidden('csrf_token', $csrf_token);
 $html = '';
 return $html;
 }
diff --git a/license.txt b/license.txt
index 5debc95d..f7974295 100644
--- a/license.txt
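Review bot: `csrf_protect()` only runs its check when `$_POST['submit']` is set, but the attacker builds the forged request and can simply omit that field, so the controller method dispatched in `serve_controller()` is reached with no token check at all; the gate has to be the HTTP method (`if ($_SERVER['REQUEST_METHOD'] !== 'POST') { return; }`), not a body field the attacker controls. The verification itself is a denial-of-service vector: `password_verify()` interprets the cost factor embedded in the supplied hash, so a client-chosen `$_POST['csrf_token']` of the form `$2y$31$…` makes the server grind through 2^31 bcrypt rounds on that request. Compare a random per-session token stored in `$_SESSION` with `hash_equals()` instead, which also fixes the `== false` loose comparison and the case where `session_id()` is `''` because no session was started. `redirect()` is not visible here; if it does not terminate the script, `csrf_block_request()` returns and the blocked request falls through to the controller call, so add an explicit `exit` after it.
```php
private function csrf_protect() {
    // Gate on the HTTP method, never on a POST field: the attacker
    // builds the forged request and can omit any field they like.
    if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
        return;
    }

    $expected = isset($_SESSION['csrf_token']) ? $_SESSION['csrf_token'] : '';
    $supplied = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : '';

    // Constant-time compare against the random per-session token; nothing
    // attacker-controlled (such as a bcrypt cost factor) is ever interpreted.
    if ($expected === '' || !is_string($supplied) || !hash_equals($expected, $supplied)) {
        $this->csrf_block_request();
    }

    unset($_POST['csrf_token']);
}

private function csrf_block_request() {
    redirect(BASE_URL);
    exit; // never fall through to the controller if redirect() returns
}
```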
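Review bot: `form_close()` builds the token with `password_hash(session_id(), PASSWORD_BCRYPT, ['cost' => 11])`, which costs on the order of a hundred milliseconds of CPU on every form render and puts a bcrypt digest of the session id — the session secret itself — into every page's HTML, while the bcrypt cost buys nothing because the only party that knows the session id is the server. A random value generated once per session with `random_bytes()` (PHP 7+; `openssl_random_pseudo_bytes()` on older builds) and emitted unchanged is cheaper and is the standard construction. Note that `session_id()` is `''` when no session has been started, so the current code would then emit a hash of the empty string; the rewrite below assumes the framework has already called `session_start()` — confirm, or start it here. Finally, the new lines `echo` the hidden field while the function still returns `$html`, so a caller that captures the return value (`$close = form_close();`) gets the input written at call time rather than where it places the string; prepending the field to `$html` keeps the helper's return-a-string contract.
```php
function form_close() {
    // One random token per session: cheap, secret, and nothing derived from
    // the session id is exposed in the page.
    if (!isset($_SESSION['csrf_token']) || !is_string($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }

    echo form_hidden('csrf_token', $_SESSION['csrf_token']);
    // … unchanged: $html assignment and return …
}
```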
+++ b/license.txt
@@ -3,7 +3,7 @@
 *
 * An open source PHP framework for web developers who like to break the rules
 *
- * Version: 1.3.3029
+ * Version: 1.3.3030
 *
 * This product is released under the MIT License (MIT)
 *