diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 20e6bba0..ee184be6 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,4 +1,5 @@
 class ApplicationController < ActionController::Base
+  protect_from_forgery
 
   before_action CASClient::Frameworks::Rails::Filter
   before_action :current_user
diff --git a/config/application.rb b/config/application.rb
index 3a59d145..1f4c8d6d 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -24,5 +24,8 @@ class Application < Rails::Application
 
     # Autoload lib/ folder including all subdirectories
     config.autoload_paths += Dir["#{config.root}/lib", "#{config.root}/lib/**/"]
+
+    # Use SSL for everything, including cookies
+    config.force_ssl = true
   end
 end