diff --git a/src/Views/View.php b/src/Views/View.php
index 063f2e6..54ebd98 100644
--- a/src/Views/View.php
+++ b/src/Views/View.php
@@ -377,7 +377,7 @@ final public function renderContent($viewIndex = null)
 
         if ($this->model->isRootLeaf && !$this->model->suppressContainingForm) {
             $csrfProtector = CsrfProtection::singleton();
-            $content .= '<input type="hidden" name="' . CsrfProtection::TOKEN_COOKIE_NAME . '" value="' . htmlentities($csrfProtector->getCookie()) . '" />';
+            $content .= '<input type="hidden" class="js-' . CsrfProtection::TOKEN_COOKIE_NAME . '" name="' . CsrfProtection::TOKEN_COOKIE_NAME . '" value="' . htmlentities($csrfProtector->getCookie()) . '" />';
         }
 
         if ($this->requiresContainerDiv) {
diff --git a/src/Views/ViewBridge.js b/src/Views/ViewBridge.js
index 85ca07e..59c5011 100644
--- a/src/Views/ViewBridge.js
+++ b/src/Views/ViewBridge.js
@@ -679,6 +679,12 @@ ViewBridge.prototype.sendFileAsServerEvent = function (eventName, file, onProgre
             formData.append("_leafEventleafPath", hostPresenter.leafPath);
         }
 
+        var csrfTokenElements = this.eventHost.viewNode.parentElement.getElementsByClassName('js-csrf_tk');
+        if (csrfTokenElements.length > 0) {
+            var csrfToken = csrfTokenElements[0].value;
+            formData.append('csrf_tk', csrfToken);
+        }
+
         formData.append(this.leafPath, file);
 
         // Add all hidden State inputs on the page to ensure event processing can