diff --git a/apps/contacts/ajax/importaddressbook.php b/apps/contacts/ajax/importaddressbook.php
index f93bbfa4d9dd2649a852511ba6589267e1e3462b..3c01e24a185c6ea4d3d110d7a1acc2d3b620d137 100644
--- a/apps/contacts/ajax/importaddressbook.php
+++ b/apps/contacts/ajax/importaddressbook.php
@@ -18,6 +18,7 @@ $maxUploadFilesize = min($maxUploadFilesize ,$freeSpace);
 
 $tmpl = new OCP\Template('contacts', 'part.importaddressbook');
 $tmpl->assign('uploadMaxFilesize', $maxUploadFilesize);
+$tmpl->assign('requesttoken', $_SERVER['HTTP_REQUESTTOKEN']);
 $tmpl->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
 $tmpl->printpage();
 ?>
diff --git a/apps/contacts/templates/part.importaddressbook.php b/apps/contacts/templates/part.importaddressbook.php
index 7805db7d64e1f205ef340e26c5047a082305d8cb..c7c6555f680bce0d6729852af5e254a872f47464 100644
--- a/apps/contacts/templates/part.importaddressbook.php
+++ b/apps/contacts/templates/part.importaddressbook.php
@@ -12,6 +12,7 @@
 	<th><?php echo $l->t('Select address book to import to:') ?></th>
 	<td>
 		<form id="import_upload_form" action="<?php echo OCP\Util::linkTo('contacts', 'ajax/uploadimport.php'); ?>" method="post" enctype="multipart/form-data" target="import_upload_target">
+			<input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>">
 			<select id="book" name="book" class="float">
 			<?php
 			$contacts_options = OC_Contacts_Addressbook::all(OCP\USER::getUser());