diff --git a/yesod-auth/ChangeLog.md b/yesod-auth/ChangeLog.md index 970cd994..46640af4 100644 --- a/yesod-auth/ChangeLog.md +++ b/yesod-auth/ChangeLog.md @@ -1,3 +1,7 @@ +## 1.4.13 + +* Add a CSRF token to the login form from `Yesod.Auth.Hardcoded`, making it compatible with the CSRF middleware [#1161](https://github.com/yesodweb/yesod/pull/1161) + ## 1.4.12 * Deprecated Yesod.Auth.GoogleEmail diff --git a/yesod-auth/Yesod/Auth/Hardcoded.hs b/yesod-auth/Yesod/Auth/Hardcoded.hs index 592c0cf2..0f7061ad 100644 --- a/yesod-auth/Yesod/Auth/Hardcoded.hs +++ b/yesod-auth/Yesod/Auth/Hardcoded.hs @@ -160,10 +160,13 @@ authHardcoded = where dispatch "POST" ["login"] = postLoginR >>= sendResponse dispatch _ _ = notFound - loginWidget toMaster = + loginWidget toMaster = do + request <- getRequest [whamlet| $newline never
+ $maybe t <- reqToken request +
_{Msg.UserName} diff --git a/yesod-auth/yesod-auth.cabal b/yesod-auth/yesod-auth.cabal index 28468eff..69c13d9d 100644 --- a/yesod-auth/yesod-auth.cabal +++ b/yesod-auth/yesod-auth.cabal @@ -1,5 +1,5 @@ name: yesod-auth -version: 1.4.12 +version: 1.4.13 license: MIT license-file: LICENSE author: Michael Snoyman, Patrick Brisbin @@ -23,7 +23,7 @@ library build-depends: base >= 4 && < 5 , authenticate >= 1.3 , bytestring >= 0.9.1.4 - , yesod-core >= 1.4 && < 1.5 + , yesod-core >= 1.4.14 && < 1.5 , wai >= 1.4 , template-haskell , base16-bytestring diff --git a/yesod-form/Yesod/Form/Functions.hs b/yesod-form/Yesod/Form/Functions.hs index 6fe69b04..fc1e9903 100644 --- a/yesod-form/Yesod/Form/Functions.hs +++ b/yesod-form/Yesod/Form/Functions.hs @@ -59,6 +59,7 @@ import Text.Blaze (Markup, toMarkup) #define Html Markup #define toHtml toMarkup import Yesod.Core +import Yesod.Core.Handler (defaultCsrfParamName) import Network.Wai (requestMethod) import Text.Hamlet (shamlet) import Data.Monoid (mempty) @@ -213,7 +214,7 @@ postHelper :: (MonadHandler m, RenderMessage (HandlerSite m) FormMessage) -> m ((FormResult a, xml), Enctype) postHelper form env = do req <- getRequest - let tokenKey = "_token" + let tokenKey = defaultCsrfParamName let token = case reqToken req of Nothing -> mempty diff --git a/yesod-form/yesod-form.cabal b/yesod-form/yesod-form.cabal index a7f715d5..ebfd6fa3 100644 --- a/yesod-form/yesod-form.cabal +++ b/yesod-form/yesod-form.cabal @@ -20,7 +20,7 @@ flag network-uri library build-depends: base >= 4 && < 5 - , yesod-core >= 1.4 && < 1.5 + , yesod-core >= 1.4.14 && < 1.5 , yesod-persistent >= 1.4 && < 1.5 , time >= 1.1.4 , shakespeare >= 2.0
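Review bot: The `$maybe t <- reqToken request` branch in `loginWidget` renders no token field at all when `reqToken` is `Nothing`, and nothing in the hunk says what then happens to the login POST. With the CSRF middleware enabled that submission would presumably be rejected, so the case deserves a comment above the `request <- getRequest` line, for example `-- no token in the request means the form carries none; a site running the CSRF middleware will then refuse the POST`. The hidden input's markup is not visible in this extract; if it spells the field name as a literal, `#{defaultCsrfParamName}` would keep it in step with `postHelper` in yesod-form. The widget only emits the token: the visible `dispatch` hands the POST straight to `postLoginR`, whose body is outside the hunk, so as far as this hunk shows the check depends on the application enabling the middleware. The Haddock for `authHardcoded` should say so.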
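Review bot: `let tokenKey = defaultCsrfParamName` in `postHelper` ties the form's hidden field to the name the CSRF middleware is expected to look up, but nothing at the binding records that. A comment such as `-- same parameter name the CSRF middleware reads by default, so one hidden field serves both checks` would keep it from being turned back into a literal. It would also make clear that a middleware configured with a different parameter name is not covered. In the first hunk of this file, `import Yesod.Core.Handler (defaultCsrfParamName)` sits beside an unrestricted `import Yesod.Core`; if that module re-exports the handler API, the extra import is redundant and may warn under `-Wall`. The body of `postHelper` continues past the hunk, so the comparison of the submitted value against `reqToken` is not visible here.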