diff --git a/web/routing.go b/web/routing.go
index 41e812f..5bb5f07 100644
--- a/web/routing.go
+++ b/web/routing.go
@@ -30,7 +30,7 @@ func StartWeb(fp *os.File, cmd []string, naked bool, port uint16) {
 	store := sessions.NewCookieStore([]byte(uniuri.NewLen(32)))
 	rt.Use(sessions.Sessions("witty-session", store))
 
-	csrfHttp := csrf.Protect([]byte(uniuri.NewLen(32)))
+	csrfHttp := csrf.Protect([]byte(uniuri.NewLen(32)), csrf.Path("/"))
 	csrfGin := adapter.Wrap(csrfHttp)
 	rt.Use(csrfGin)