diff --git a/classes/controller.php b/classes/controller.php
index f4be5409..94f9326b 100644
--- a/classes/controller.php
+++ b/classes/controller.php
@@ -266,7 +266,7 @@ class AdminController
$author = $this->grav['config']->get('site.author.name', '');
$fullname = $user->fullname ?: $username;
- $reset_link = rtrim($this->grav['uri']->rootUrl(true), '/') . '/' . trim($this->admin->base, '/') . '/reset/task' . $param_sep . 'reset/user'. $param_sep . $username . '/token' . $param_sep . $token;
+ $reset_link = rtrim($this->grav['uri']->rootUrl(true), '/') . '/' . trim($this->admin->base, '/') . '/reset/task' . $param_sep . 'reset/user'. $param_sep . $username . '/token' . $param_sep . $token . '/admin-nonce' . $param_sep . Utils::getNonce('admin-form');
$sitename = $this->grav['config']->get('site.title', 'Website');
$from = $this->grav['config']->get('plugins.email.from', 'noreply@getgrav.org');
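Review bot: The `admin-nonce` appended to `$reset_link` is minted by `Utils::getNonce('admin-form')` while the forgot-password request is being handled, so it is tied to whatever that call binds a nonce to, not to the browser in which the recipient later opens the email. That binding is not visible in this hunk; presumably it is the requesting session and a time window. If so, the link may fail validation when opened in a different browser or after the nonce expires, and a general `admin-form` nonce also ends up in mail logs and browser history. Consider letting the reset task rely on `$token` alone and exempting it from the nonce check, or at least add a comment such as `// nonce only satisfies the task dispatcher; $token is the actual reset credential`. The enclosing method starts and ends outside the hunk.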
diff --git a/themes/grav/js/admin-all.js b/themes/grav/js/admin-all.js
index 1516dfbe..5c1b9f0f 100644
--- a/themes/grav/js/admin-all.js
+++ b/themes/grav/js/admin-all.js
@@ -21,7 +21,9 @@ var bytesToSize = function(bytes) {
var isFirefox = navigator.userAgent.toLowerCase().indexOf('firefox') > -1;
var keepAlive = function keepAlive() {
- $.post(GravAdmin.config.base_url_relative + '/task' + GravAdmin.config.param_sep + 'keepAlive');
+ $.post(GravAdmin.config.base_url_relative + '/task' + GravAdmin.config.param_sep + 'keepAlive', {
+ 'admin-nonce': GravAdmin.config.admin_nonce
+ });
};
$(function () {
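Review bot: `keepAlive` now posts `GravAdmin.config.admin_nonce` as it was captured at page load, and nothing in this hunk handles a rejected request. If the nonce is time-limited (not visible here), a page left open long enough would send a stale value and the keep-alive would be refused. The session would then lapse silently, which is the case this function exists to prevent. Consider adding a failure handler, e.g. `.fail(function () { /* nonce stale or session ended: prompt a reload */ })`, and confirm that the template building `GravAdmin.config` always sets `admin_nonce`.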
@@ -296,7 +298,7 @@ $(function () {
if (grav.isUpdatable) {
var icon = ' ';
content = 'Grav v{available} ' + translations.PLUGIN_ADMIN.IS_NOW_AVAILABLE + '! (' + translations.PLUGIN_ADMIN.CURRENT + ': v{version}) ',
- button = '';
+ button = '';
if (grav.isSymlink) {
button = '';