Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -r3abaa537dbbe6a541d3bac6cb5341e58b768104a -rc1a3db58d656de47b6006019dc48f592787bf032
--- lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision 3abaa537dbbe6a541d3bac6cb5341e58b768104a)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision c1a3db58d656de47b6006019dc48f592787bf032)
@@ -36,6 +36,7 @@
 org.owasp.csrfguard.protected.centralSaveUserProfile=/lams/saveprofile.do
 org.owasp.csrfguard.protected.centralOutcomeSave=/lams/outcome/outcomeSave.do
+org.owasp.csrfguard.protected.centralOutcomeRemove=/lams/outcome/outcomeRemove.do
 org.owasp.csrfguard.protected.gradebookExportExcelCourse=/lams/gradebook/gradebookMonitoring/exportExcelCourseGradebook.do
 org.owasp.csrfguard.protected.gradebookExportExcelLesson=/lams/gradebook/gradebookMonitoring/exportExcelLessonGradebook.do
Index: lams_central/src/java/org/lamsfoundation/lams/web/outcome/OutcomeController.java
===================================================================
diff -u -r2c2a416960cfa22ad1882d9ef21d3f932efc26d2 -rc1a3db58d656de47b6006019dc48f592787bf032
--- lams_central/src/java/org/lamsfoundation/lams/web/outcome/OutcomeController.java (.../OutcomeController.java) (revision 2c2a416960cfa22ad1882d9ef21d3f932efc26d2)
+++ lams_central/src/java/org/lamsfoundation/lams/web/outcome/OutcomeController.java (.../OutcomeController.java) (revision c1a3db58d656de47b6006019dc48f592787bf032)
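Review bot: Only `/lams/outcome/outcomeRemove.do` is added to the protected list here, yet the OutcomeController hunk in this same commit also restricts `outcomeRemoveMapping` to POST, and no `org.owasp.csrfguard.protected.*` entry for it is visible in this hunk. If the file does not already list that URL elsewhere, the POST restriction alone does not require a CSRF token, because a cross-site form can still submit a POST. Consider adding a matching line (key name proposed here, following the existing convention) such as `org.owasp.csrfguard.protected.centralOutcomeRemoveMapping=/lams/outcome/outcomeRemoveMapping.do`, and confirm that the caller of that endpoint sends the token.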
@@ -230,7 +230,7 @@ return "outcome/outcomeEdit"; } - @RequestMapping("/outcomeRemove") + @RequestMapping(path = "/outcomeRemove", method = RequestMethod.POST) public String outcomeRemove(HttpServletRequest request, HttpServletResponse response) throws Exception { Long outcomeId = WebUtil.readLongParam(request, "outcomeId", false); Outcome outcome = (Outcome) userManagementService.findById(Outcome.class, outcomeId); @@ -381,7 +381,7 @@ return responseJSON.toString(); } - @RequestMapping("/outcomeRemoveMapping") + @RequestMapping(path = "/outcomeRemoveMapping", method = RequestMethod.POST) public void outcomeRemoveMapping(HttpServletRequest request, HttpServletResponse response) throws Exception { Long mappingId = WebUtil.readLongParam(request, "mappingId"); OutcomeMapping outcomeMapping = (OutcomeMapping) userManagementService.findById(OutcomeMapping.class, Index: lams_central/web/includes/javascript/outcome.js =================================================================== diff -u -r8ed3b25f15a9ea80cc6f1c3d92210429404501df -rc1a3db58d656de47b6006019dc48f592787bf032 --- lams_central/web/includes/javascript/outcome.js (.../outcome.js) (revision 8ed3b25f15a9ea80cc6f1c3d92210429404501df) +++ lams_central/web/includes/javascript/outcome.js (.../outcome.js) (revision c1a3db58d656de47b6006019dc48f592787bf032) @@ -8,7 +8,8 @@ function removeOutcome(outcomeId) { if (confirm(LABELS.REMOVE_OUTCOME_CONFIRM_LABEL)) { - document.location.href = 'outcomeRemove.do?organisationID=' + organisationId + '&outcomeId=' + outcomeId; + var f = document.getElementById(outcomeId); + f.submit(); } } 
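Review bot: Neither `outcomeRemove` nor `outcomeRemoveMapping` carries a comment saying why the mapping is now POST-only, or that the token check itself appears to be driven by the `org.owasp.csrfguard.protected.*` list rather than by this annotation. A later edit that relaxes the mapping or renames the URL could drop the protection without anyone noticing. I would add above each annotation `// State-changing: POST only; URL must stay listed in Owasp.CsrfGuard.properties so the CSRF token is verified`. Both method bodies continue outside their hunks, so whether the caller is authorised to remove the entity loaded by `findById` cannot be judged from here.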
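Review bot: In `removeOutcome`, `document.getElementById(outcomeId)` uses the bare outcome id as a DOM id and calls `f.submit()` without checking the result, so a missing form throws a TypeError and any other element that reuses that id would be picked up instead. A prefixed id with a guard is safer, for example `var f = document.getElementById('removeOutcome_' + outcomeId);` followed by `if (f) { f.submit(); }`, with the form id in outcomeManage.jsp changed to match. The old URL also carried `organisationID`; the form markup is not legible on this page, so confirm that the form still posts that value.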
@@ -90,4 +91,4 @@ }, 1000); document.location.href = LAMS_URL + 'outcome/' + (isScaleExport ? 'scaleExport' : 'outcomeExport') + '.do?downloadTokenValue=' + token; return false; -} \ No newline at end of file +} Index: lams_central/web/outcome/outcomeManage.jsp =================================================================== diff -u -r8ed3b25f15a9ea80cc6f1c3d92210429404501df -rc1a3db58d656de47b6006019dc48f592787bf032 --- lams_central/web/outcome/outcomeManage.jsp (.../outcomeManage.jsp) (revision 8ed3b25f15a9ea80cc6f1c3d92210429404501df) +++ lams_central/web/outcome/outcomeManage.jsp (.../outcomeManage.jsp) (revision c1a3db58d656de47b6006019dc48f592787bf032) @@ -2,6 +2,7 @@ <%@ taglib uri="tags-lams" prefix="lams"%> <%@ taglib uri="tags-fmt" prefix="fmt"%> <%@ taglib uri="tags-core" prefix="c"%> +<%@ taglib uri="csrfguard" prefix="csrf" %> @@ -86,9 +87,7 @@
- - +
@@ -118,4 +117,4 @@ -
\ No newline at end of file +