diff --git a/app/controllers/graphql_devise/application_controller.rb b/app/controllers/graphql_devise/application_controller.rb
index c76cace5..427458d3 100644
--- a/app/controllers/graphql_devise/application_controller.rb
+++ b/app/controllers/graphql_devise/application_controller.rb
@@ -1,4 +1,8 @@
 module GraphqlDevise
   class ApplicationController < DeviseTokenAuth::ApplicationController
+    private
+
+    def verify_authenticity_token
+    end
   end
 end
diff --git a/spec/dummy/app/controllers/api/v1/graphql_controller.rb b/spec/dummy/app/controllers/api/v1/graphql_controller.rb
index 319ee065..3a535713 100644
--- a/spec/dummy/app/controllers/api/v1/graphql_controller.rb
+++ b/spec/dummy/app/controllers/api/v1/graphql_controller.rb
@@ -8,6 +8,11 @@ class GraphqlController < ApplicationController
       def graphql
         render json: DummySchema.execute(params[:query])
       end
+
+      private
+
+      def verify_authenticity_token
+      end
     end
   end
 end
diff --git a/spec/dummy/app/controllers/application_controller.rb b/spec/dummy/app/controllers/application_controller.rb
index 09705d12..1c07694e 100644
--- a/spec/dummy/app/controllers/application_controller.rb
+++ b/spec/dummy/app/controllers/application_controller.rb
@@ -1,2 +1,3 @@
 class ApplicationController < ActionController::Base
+  protect_from_forgery with: :exception
 end
diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb
index a2a77729..fa498afc 100644
--- a/spec/rails_helper.rb
+++ b/spec/rails_helper.rb
@@ -39,4 +39,8 @@
   config.include(Requests::AuthHelpers, type: :request)
   config.include(ActiveSupport::Testing::TimeHelpers)
   config.include(Generators::FileHelpers, type: :generator)
+
+  config.before(:suite) do
+    ActionController::Base.allow_forgery_protection = true
+  end
 end