diff --git a/blueprints/admin.py b/blueprints/admin.py
index f4290c9..4af4ef3 100644
--- a/blueprints/admin.py
+++ b/blueprints/admin.py
@@ -639,6 +639,7 @@ def authorize_follow():
             )
         )
 
+    csrf.protect()
     actor = get_actor_url(request.form.get("profile"))
     if not actor:
         abort(500)