diff --git a/app/package.json b/app/package.json
index f7db905001..32dd8b4980 100644
--- a/app/package.json
+++ b/app/package.json
@@ -112,6 +112,7 @@
 "json-schema": "^0.4.0",
 "lightship": "^7.1.1",
 "lodash": "^4.17.21",
+ "lusca": "^1.7.0",
 "luxon": "^3.2.1",
 "morgan": "^1.10.0",
 "next": "^13.1.6",
diff --git a/app/server/index.ts b/app/server/index.ts
index e21e27e103..c6eeee1e46 100644
--- a/app/server/index.ts
+++ b/app/server/index.ts
@@ -5,6 +5,7 @@ import morgan from "morgan";
 import nextjs from "next";
 import bodyParser from "body-parser";
 import cookieParser from "cookie-parser";
+import lusca from "lusca";
 import { createLightship } from "lightship";
 import session from "./middleware/session";
 import browserSupportMiddleware from "./middleware/browserSupport";
@@ -54,10 +55,10 @@ app.prepare().then(async () => {
 server.use(cookieParser());
- server.use(graphqlUploadExpress());
- server.use(graphQlMiddleware());
+ server.use(lusca.csrf());
+ server.use(graphqlUploadExpress());
 server.use(attachmentDownloadRouter);
 server.get("*", async (req, res) => {
diff --git a/app/yarn.lock b/app/yarn.lock
index 61f7580caa..dcc02764ab 100644
--- a/app/yarn.lock
+++ b/app/yarn.lock
@@ -7761,6 +7761,13 @@ lru_map@^0.3.3:
 resolved "https://registry.yarnpkg.com/lru_map/-/lru_map-0.3.3.tgz#b5c8351b9464cbd750335a79650a0ec0e56118dd"
 integrity sha1-tcg1G5Rky9dQM1p5ZQoOwOVhGN0=
+lusca@^1.7.0:
+ version "1.7.0"
+ resolved "https://registry.yarnpkg.com/lusca/-/lusca-1.7.0.tgz#a5d979f1b51776e60d41e0ca98f886f1b8b95502"
+ integrity sha512-msnrplCfY7zaqlZBDEloCIKld+RUeMZVeWzSPaGUKeRXFlruNSdKg2XxCyR+zj6BqzcXhXlRnvcvx6rAGgsvMA==
+ dependencies:
+ tsscmp "^1.0.5"
+
 luxon@^3.2.1:
 version "3.3.0"
 resolved "https://registry.yarnpkg.com/luxon/-/luxon-3.3.0.tgz#d73ab5b5d2b49a461c47cedbc7e73309b4805b48"
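Review bot: In the second app/server/index.ts hunk the removed `server.use(graphQlMiddleware());` has no counterpart on the new side, so unless it is re-mounted further down outside this hunk (after the CSRF check, where it belongs), the GraphQL endpoint stops being served rather than being protected. lusca's csrf() in its default mode reads and stores the token secret in req.session, so the `session` middleware imported in the first hunk must already be mounted above `server.use(lusca.csrf());`; that mount point is not visible here and deserves a comment such as `// CSRF check relies on req.session: keep after session() and before every state-changing route`. Note also that the check now applies to every non-safe request on the server, including non-browser API clients authenticating with an Authorization header and the multipart uploads handled by graphqlUploadExpress(), whose bodies are not parsed when lusca runs, so those callers have to supply the token via lusca's default `x-csrf-token` header or be explicitly exempted. The enclosing `app.prepare().then(...)` callback continues beyond the hunk.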
@@ -10266,6 +10273,11 @@ tslib@~2.1.0:
 resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.1.0.tgz#da60860f1c2ecaa5703ab7d39bc05b6bf988b97a"
 integrity sha512-hcVC3wYEziELGGmEEXue7D75zbwIIVUMWAVbHItGPx0ziyXxrOMQx4rQEVEV45Ut/1IotuEvwqPopzIOkDMf0A==
+tsscmp@^1.0.5:
+ version "1.0.6"
+ resolved "https://registry.yarnpkg.com/tsscmp/-/tsscmp-1.0.6.tgz#85b99583ac3589ec4bfef825b5000aa911d605eb"
+ integrity sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA==
+
 tsutils@^3.21.0:
 version "3.21.0"
 resolved "https://registry.yarnpkg.com/tsutils/-/tsutils-3.21.0.tgz#b48717d394cea6c1e096983eed58e9d61715b623"