diff --git a/apps/contacts/ajax/categories/delete.php b/apps/contacts/ajax/categories/delete.php
index 7c3261446bbb4f726394880380e5c70c4edb800b..68a308e32213521b87dc60ff4ad64d1c043b65a9 100644
--- a/apps/contacts/ajax/categories/delete.php
+++ b/apps/contacts/ajax/categories/delete.php
@@ -9,6 +9,7 @@
  
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('contacts');
+OCP\JSON::callCheck();
 
 require_once('../loghandler.php');
 
diff --git a/apps/contacts/ajax/categories/rescan.php b/apps/contacts/ajax/categories/rescan.php
index fd875a965dc5cefdf212259797e5cd28eb09ab28..a06e7803955532caa3fa4f101d5781d2667c2bbe 100644
--- a/apps/contacts/ajax/categories/rescan.php
+++ b/apps/contacts/ajax/categories/rescan.php
@@ -9,6 +9,7 @@
  
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('contacts');
+OCP\JSON::callCheck();
 
 OC_Contacts_App::scanCategories();
 $categories = OC_Contacts_App::getCategories();