diff --git a/djblets/auth/views.py b/djblets/auth/views.py
index 19d1b4a53aea53b8cdf6f4a7b35506640a62223f..8c15040c454080540b8c556ee9b42cb2dd09a3b5 100644
--- a/djblets/auth/views.py
+++ b/djblets/auth/views.py
@@ -28,9 +28,10 @@
 from __future__ import unicode_literals
 
 from django.contrib import auth
+from django.http import HttpResponseRedirect
 from django.shortcuts import render_to_response
 from django.template.context import RequestContext
-from django.http import HttpResponseRedirect
+from django.views.decorators.csrf import csrf_protect
 
 from djblets.auth.forms import RegistrationForm
 from djblets.auth.util import validate_test_cookie
@@ -40,10 +41,11 @@ from djblets.auth.util import validate_test_cookie
 #    User Registration    #
 ###########################
 
+@csrf_protect
 def register(request, next_page, form_class=RegistrationForm,
              extra_context={},
              template_name="accounts/register.html"):
-    if request.POST:
+    if request.method == 'POST':
         form = form_class(data=request.POST, request=request)
         form.full_clean()
         validate_test_cookie(form, request)
diff --git a/djblets/extensions/templates/extensions/extension_list.html b/djblets/extensions/templates/extensions/extension_list.html
index 323ea6c7970a8fad85430795dbde57723464ca99..ae6b26051bae8094bc6089162e32eea4b64d8078 100644
--- a/djblets/extensions/templates/extensions/extension_list.html
+++ b/djblets/extensions/templates/extensions/extension_list.html
@@ -25,6 +25,7 @@
 
 <div id="content-main">
  <form id="extension-manager" method="POST" action=".">
+  {% csrf_token %}
   <input type="hidden" name="full-reload" value="1" />
 
   <ul class="actions">
diff --git a/djblets/extensions/views.py b/djblets/extensions/views.py
index d913fe8eae9212fac106bf769a86e520ef96fd31..fd3c35bad04f31bad21e4ea87934d9d813dbec2a 100644
--- a/djblets/extensions/views.py
+++ b/djblets/extensions/views.py
@@ -29,8 +29,10 @@ from django.contrib.admin.views.decorators import staff_member_required
 from django.http import Http404, HttpResponseRedirect
 from django.shortcuts import render_to_response
 from django.template.context import RequestContext
+from django.views.decorators.csrf import csrf_protect
 
 
+@csrf_protect
 @staff_member_required
 def extension_list(request, extension_manager,
                    template_name='extensions/extension_list.html'):
@@ -46,6 +48,7 @@ def extension_list(request, extension_manager,
         return render_to_response(template_name, RequestContext(request))
 
 
+@csrf_protect
 @staff_member_required
 def configure_extension(request, ext_class, form_class, extension_manager,
                         template_name='extensions/configure_extension.html'):
diff --git a/djblets/siteconfig/templates/siteconfig/settings.html b/djblets/siteconfig/templates/siteconfig/settings.html
index 30c036caee7f104a7d81f96aa695582049f38873..89de89ab13f8b34f4fd50048f43432aff568e7c0 100644
--- a/djblets/siteconfig/templates/siteconfig/settings.html
+++ b/djblets/siteconfig/templates/siteconfig/settings.html
@@ -34,6 +34,7 @@
 
 <div id="content-main">
  <form action="." method="post"{% if form.is_multipart %} enctype="multipart/form-data"{% endif %}>
+  {% csrf_token %}
 {% block form_content %}
 {% if form.Meta.fieldsets %}
 {%  for fieldset in form.Meta.fieldsets %}
diff --git a/djblets/siteconfig/views.py b/djblets/siteconfig/views.py
index 0ca54d11e374f38b84031b0d035fc42c0dff4cc1..9c29544c7c885e5484668036ac3cdb2252fb6369 100644
--- a/djblets/siteconfig/views.py
+++ b/djblets/siteconfig/views.py
@@ -29,10 +29,12 @@ from django.contrib.admin.views.decorators import staff_member_required
 from django.http import HttpResponseRedirect
 from django.shortcuts import render_to_response
 from django.template.context import RequestContext
+from django.views.decorators.csrf import csrf_protect
 
 from djblets.siteconfig.models import SiteConfiguration
 
 
+@csrf_protect
 @staff_member_required
 def site_settings(request, form_class,
                   template_name="siteconfig/settings.html",