diff --git a/app/controllers/student_work_controller.rb b/app/controllers/student_work_controller.rb
index 4e97c373c..c76bbd7b6 100644
--- a/app/controllers/student_work_controller.rb
+++ b/app/controllers/student_work_controller.rb
@@ -8,6 +8,7 @@ class StudentWorkController < ApplicationController
   before_filter :member_of_course, :only => [:index, :new, :create, :show, :add_score, :praise_student_work]
   before_filter :author_of_work, :only => [:edit, :update, :destroy]
   before_filter :teacher_of_course, :only => [:student_work_absence_penalty, :absence_penalty_list, :evaluation_list]
+  protect_from_forgery :except => :set_program_score
 
   def index
     @order,@b_sort,@name,@group = params[:order] || "score",params[:sort] || "desc",params[:name] || "",params[:group]