--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -124,6 +124,28 @@
         start_response(status, headers, exc_info)
         return app_iter
 
+class CSRFMiddleware(object):
+    '''On POSTs, looks for a special field name that matches the value of a given
+    cookie.  If this field is missing, the cookies are cleared to anonymize the
+    request.'''
+
+    def __init__(self, app, cookie_name, param_name=None):
+        if param_name is None: param_name = cookie_name
+        self._app = app
+        self._param_name = param_name
+        self._cookie_name = cookie_name
+
+    def __call__(self, environ, start_response):
+        req = Request(environ)
+        if req.method == 'POST':
+            cookie = req.cookies.get(self._cookie_name)
+            param = req.params.get(self._param_name)
+            if cookie != param:
+                log.warning('CSRF attempt detected, %r != %r', cookie, param)
+                del environ['HTTP_COOKIE']
+        return self._app(environ, start_response)
+
+
 class SSLMiddleware(object):
     'Verify the https/http schema is correct'