diff --git a/app/assets/javascripts/discourse/views/modal/login_view.js b/app/assets/javascripts/discourse/views/modal/login_view.js
index 12e5611ac..49b9f8a05 100644
--- a/app/assets/javascripts/discourse/views/modal/login_view.js
+++ b/app/assets/javascripts/discourse/views/modal/login_view.js
@@ -61,6 +61,7 @@ Discourse.LoginView = Discourse.ModalBodyView.extend({
         $hidden_login_form.find('input[name=username]').val(_this.get('loginName'));
         $hidden_login_form.find('input[name=password]').val(_this.get('loginPassword'));
         $hidden_login_form.find('input[name=redirect]').val(window.location.href);
+        $hidden_login_form.find('input[name=authenticity_token]').val($('meta[name=csrf-token]').attr('content'));
         $hidden_login_form.submit();
       }
     }).fail(function(result) {
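Review bot: The added `authenticity_token` line copies `$('meta[name=csrf-token]').attr('content')` into the hidden form without checking that a token was found, so a page rendered without that meta tag submits an empty token and the failure only surfaces server-side. Reading the token into a local and handling the missing case would make this visible: `var csrfToken = $('meta[name=csrf-token]').attr('content');` then `if (csrfToken) { $hidden_login_form.find('input[name=authenticity_token]').val(csrfToken); }`. If the preceding AJAX login resets the session (not visible here), the meta tag's token may already be stale when this form is submitted; that is worth confirming against the server-side login action. The enclosing success callback starts and ends outside the hunk.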
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index b4d310386..63457f65f 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -26,6 +26,7 @@
         <input name="username" type="text"     id="signin_username">
         <input name="password" type="password" id="signin_password">
         <input name="redirect" type="hidden">
+        <input name="authenticity_token" type="hidden" />
         <input type="submit" id="signin-button" value="Log In">
       </form>
     <% end %>
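Review bot: The added `authenticity_token` input is rendered with no value, and nothing in the template says where it gets one, so a reader of the layout alone cannot tell that CSRF protection for this form depends on client-side script. A short ERB comment above it would help, e.g. `<%# value is copied from the csrf-token meta tag by login_view.js just before submit %>`. The new tag is also self-closed with ` />` while the neighbouring inputs are not; matching them keeps the form consistent. The opening `<form>` tag is outside the hunk, so whether a Rails form helper could emit the token instead cannot be judged from here.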