diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c97df46..94bd7a2 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -6,7 +6,7 @@ end
 class ApplicationController < LinguaFrancaApplicationController
 	# Prevent CSRF attacks by raising an exception.
 	# For APIs, you may want to use :null_session instead.
-	protect_from_forgery with: :exception
+	protect_from_forgery with: :exception, :except => [:do_confirm]
 
 	before_filter :capture_page_info
 
diff --git a/app/views/application/_login_confirm.html.haml b/app/views/application/_login_confirm.html.haml
index e569d28..307f69d 100644
--- a/app/views/application/_login_confirm.html.haml
+++ b/app/views/application/_login_confirm.html.haml
@@ -2,7 +2,7 @@
 	= columns(medium: 12) do
 		%h2=_'articles.permission_denied.headings.confirm_email','Please confirm your email address'
 	= columns(medium: 6, large: 5) do
-		= form_tag :do_confirm do
+		= form_tag :do_confirm, :authenticity_token => false do
 			.email-field.input-field
 				= email_field_tag :email, nil, required: true
 				= label_tag :email