Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -r328b2d5068eb7b9c271f43e55b3f19a05733312b -ree2eb1711b99ac1eb975da1934ea4e78df57c89f
--- lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision 328b2d5068eb7b9c271f43e55b3f19a05733312b)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision ee2eb1711b99ac1eb975da1934ea4e78df57c89f)
@@ -51,6 +51,9 @@
 org.owasp.csrfguard.protected.centralSaveUserProfile=/lams/saveprofile.do
 org.owasp.csrfguard.protected.centralOutcomeSave=/lams/outcome/outcomeSave.do
 org.owasp.csrfguard.protected.centralOutcomeRemove=/lams/outcome/outcomeRemove.do
+org.owasp.csrfguard.protected.centralAddLessonDependency=/lams/lessonConditions/addLessonDependency.do
+org.owasp.csrfguard.protected.centralSetDaysToFinish=/lams/lessonConditions/setDaysToLessonFinish.do
+org.owasp.csrfguard.protected.centralDelLessonDependency=/lams/lessonConditions/removeLessonDependency.do
 
 org.owasp.csrfguard.protected.gradebookExportExcelCourse=/lams/gradebook/gradebookMonitoring/exportExcelCourseGradebook.do
 org.owasp.csrfguard.protected.gradebookExportExcelLesson=/lams/gradebook/gradebookMonitoring/exportExcelLessonGradebook.do
Index: lams_central/src/java/org/lamsfoundation/lams/web/LessonConditionsController.java
===================================================================
diff -u -rf2ad75cef0c507a64877942631fee13efbc6ed50 -ree2eb1711b99ac1eb975da1934ea4e78df57c89f
--- lams_central/src/java/org/lamsfoundation/lams/web/LessonConditionsController.java	(.../LessonConditionsController.java)	(revision f2ad75cef0c507a64877942631fee13efbc6ed50)
+++ lams_central/src/java/org/lamsfoundation/lams/web/LessonConditionsController.java	(.../LessonConditionsController.java)	(revision ee2eb1711b99ac1eb975da1934ea4e78df57c89f)
@@ -60,6 +60,7 @@
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 
 /**
  * This Action takes care of operations on lesson conditional release based on preceding lesson completion.
@@ -164,7 +165,7 @@
      *
      * @throws InvalidParameterException
      */
-    @RequestMapping("/removeLessonDependency")
+    @RequestMapping(path = "/removeLessonDependency", method = RequestMethod.POST)
     public String removeLessonDependency(HttpServletRequest request, HttpServletResponse response) throws IOException {
 	Long lessonId = WebUtil.readLongParam(request, CentralConstants.PARAM_LESSON_ID, false);
 	if (!securityService.isLessonOwner(lessonId, getUser().getUserID(), "remove lesson dependency", false)) {
@@ -195,7 +196,7 @@
      *
      * @throws InvalidParameterException
      */
-    @RequestMapping("/addLessonDependency")
+    @RequestMapping(path = "/addLessonDependency", method = RequestMethod.POST)
     public String addLessonDependency(HttpServletRequest request, HttpServletResponse response) throws IOException {
 	Long lessonId = WebUtil.readLongParam(request, CentralConstants.PARAM_LESSON_ID, false);
 	if (!securityService.isLessonOwner(lessonId, getUser().getUserID(), "add lesson dependency", false)) {
@@ -222,7 +223,7 @@
      *
      * @throws IOException
      */
-    @RequestMapping("/setDaysToLessonFinish")
+    @RequestMapping(path = "/setDaysToLessonFinish", method = RequestMethod.POST)
     public String setDaysToLessonFinish(HttpServletRequest request, HttpServletResponse response) throws IOException {
 	Long lessonId = WebUtil.readLongParam(request, CentralConstants.PARAM_LESSON_ID, false);
 	if (!securityService.isLessonOwner(lessonId, getUser().getUserID(), "set days to lesson finish", false)) {
@@ -309,4 +310,4 @@
 	HttpSession ss = SessionManager.getSession();
 	return (UserDTO) ss.getAttribute(AttributeNames.USER);
     }
-}
\ No newline at end of file
+}
Index: lams_central/web/indexLessonConditions.jsp
===================================================================
diff -u -rae9912edeb82523d71d1e18df67ec5ee7e6301a8 -ree2eb1711b99ac1eb975da1934ea4e78df57c89f
--- lams_central/web/indexLessonConditions.jsp	(.../indexLessonConditions.jsp)	(revision ae9912edeb82523d71d1e18df67ec5ee7e6301a8)
+++ lams_central/web/indexLessonConditions.jsp	(.../indexLessonConditions.jsp)	(revision ee2eb1711b99ac1eb975da1934ea4e78df57c89f)
@@ -1,8 +1,5 @@
-<%@ page contentType="text/html; charset=utf-8" language="java"%>
-<%@ taglib uri="tags-fmt" prefix="fmt"%>
-<%@ taglib uri="tags-core" prefix="c"%>
-<%@ taglib uri="tags-lams" prefix="lams"%>
-<%@ taglib uri="tags-function" prefix="fn"%>
+<%@ include file="/common/taglibs.jsp"%>
+
 <c:set var="lams"><lams:LAMSURL/></c:set>
 <!DOCTYPE html>
 <lams:html>
@@ -30,9 +27,8 @@
 		var lessonId="${lsId}";
 		var edit="${edit}";
 		
-		function removePrecedingLesson(precedingLessonId){
-			document.location.href="<lams:LAMSURL/>lessonConditions/removeLessonDependency.do?lsId=" + lessonId
-						  + "&precedingLessonId=" + precedingLessonId;
+		function submitForm(formId){
+			$(formId).submit();
 		}
 
 		$(document).ready(function(){
@@ -66,9 +62,13 @@
 				 <div class="list-group-item">
 					<c:out value="${precedingLesson.name}" />
 					<c:if test="${edit}">
+					<csrf:form style="display: inline-block;" class="pull-right" id="delete_${precedingLesson.id}" method="post" action="/lams/lessonConditions/removeLessonDependency.do">
+						<input type="hidden" name="lsId" value="${lsId}"/>
+						<input type="hidden" name="precedingLessonId" value="${precedingLesson.id}"/>
 						<span class="badge" style="background-color:white">
-							<i class="fa fa-fw fa-trash-o text-danger" style="cursor: pointer;" title="<fmt:message key="label.conditions.box.remove.dependency" />" onclick="javascript:removePrecedingLesson(${precedingLesson.id})"></i>
+							<i class="fa fa-fw fa-trash-o text-danger" style="cursor: pointer;" title="<fmt:message key="label.conditions.box.remove.dependency" />" onclick="javascript:submitForm(delete_${precedingLesson.id})"></i>
 						</span>
+					</csrf:form>
 					</c:if>
 				</div>
 			</c:forEach>
@@ -92,6 +92,8 @@
 				</c:when>
 				<c:otherwise>
 					<form action="${addLessonDependencyUrl}" method="post">
+						<input type="hidden" name="<csrf:tokenname/>" value="<csrf:tokenvalue/>"/>
+
 						<div class="form-group">	
 							<select class="form-control" name="precedingLessonId">
 								<c:forEach var="availableLesson" items="${availableLessons}">
@@ -141,6 +143,8 @@
 		<!-- Changing finish date -->
 		<div class="panel-body">
 			<form action="${setDaysToLessonFinishUrl}" method="post">
+				<input type="hidden" name="<csrf:tokenname/>" value="<csrf:tokenvalue/>"/>
+
 						<div class="form-group">
 							<label for="lessonDaysToFinish"><fmt:message key="advanced.tab.form.enter.number.days.label"/>: </label>
 							<select class="form-control" id="lessonDaysToFinish" name="lessonDaysToFinish">