diff --git a/app/pages/settings.php b/app/pages/settings.php
index ef7041b..2dcc825 100644
--- a/app/pages/settings.php
+++ b/app/pages/settings.php
@@ -7,6 +7,10 @@
 * adding, editing, and deleting platforms, hosts, agents.
 */
+// Check if this is an AJAX request
+$isAjax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) &&
+ strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
+
 // Get any new feedback messages
 include '../app/helpers/feedback.php';
@@ -73,8 +77,10 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 $_SESSION['error'] = "Editing the host failed. Error: $result";
 }
 }
- header('Location: ' . $redirectUrl);
- exit;
+ if (!$isAjax) {
+ header('Location: ' . $redirectUrl);
+ exit;
+ }
 // agent operations
 } elseif (isset($_POST['item']) && $_POST['item'] === 'agent') {
@@ -114,8 +120,10 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 $_SESSION['error'] = "Editing the agent failed. Error: $result";
 }
 }
- header('Location: ' . $redirectUrl);
- exit;
+ if (!$isAjax) {
+ header('Location: ' . $redirectUrl);
+ exit;
+ }
 // platform operations
 } elseif (isset($_POST['item']) && $_POST['item'] === 'platform') {
@@ -153,8 +161,10 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 $_SESSION['error'] = "Editing the platform failed. Error: $result";
 }
 }
- header('Location: ' . $redirectUrl);
- exit;
+ if (!$isAjax) {
+ header('Location: ' . $redirectUrl);
+ exit;
+ }
 }
 } else {
diff --git a/app/templates/settings.php b/app/templates/settings.php
index 0da4131..bf5cc5b 100644
--- a/app/templates/settings.php
+++ b/app/templates/settings.php
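Review bot: `$isAjax` is read from `X-Requested-With`, a header any client can send or leave out, and the added comment does not say that the flag is only a response-format hint. I would extend the comment to `// Client-controlled hint: selects redirect vs. in-place response only; session, permission and CSRF checks must not depend on it.` Whether those checks run before the POST branches is not visible in this hunk.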
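Review bot: When `$isAjax` is true the host branch no longer terminates the request at `if (!$isAjax) {`, and the agent and platform branches in the next two hunks have the same gap. The new code sends no response for that case, so the XHR caller receives whatever the script emits after the POST block (outside these hunks), and the `$_SESSION['error']` set just above stays queued, presumably to surface on an unrelated later page load. I would add an explicit branch, `else { header('Content-Type: application/json'); echo json_encode(['error' => $_SESSION['error'] ?? null]); exit; }`, and clear the session message once it has been returned. The enclosing `if ($_SERVER['REQUEST_METHOD'] == 'POST')` block starts outside the hunk.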
@@ -691,6 +691,7 @@ $(function() {
 const formData = new FormData();
 formData.append('item', 'platform');
 formData.append('platform', platformId);
+ formData.append('csrf_token', 'generateCsrfToken() ?>');
 formData.append('name', platformTable.find('input[name="name"]').val());
 formData.append('jitsi_url', platformTable.find('input[name="jitsi_url"]').val());
 formData.append('jilo_database', platformTable.find('input[name="jilo_database"]').val());
@@ -914,6 +915,7 @@ $(function() {
 formData.append('item', 'host');
 formData.append('host', hostId);
 formData.append('platform', platformId);
+ formData.append('csrf_token', 'generateCsrfToken() ?>');
 card.find('.host-edit-mode input').each(function() {
 formData.append($(this).attr('name'), $(this).val());
@@ -1048,6 +1050,7 @@ $(function() {
 formData.append('item', 'agent');
 formData.append('agent', agentId);
 formData.append('host', hostId);
+ formData.append('csrf_token', 'generateCsrfToken() ?>');
 row.find('.agent-edit-mode input, .agent-edit-mode select').each(function() {
 formData.append($(this).attr('name'), $(this).val());
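Review bot: The platform handler here, and the host and agent handlers in the next two hunks, each call `generateCsrfToken()` at render time and paste the result unencoded into a quoted JavaScript string. If that helper issues a fresh token per call, or the server rotates the token after a successful POST, in-place edits after the first would be rejected without a page reload; the helper is not visible here, so this needs confirming. Rendering the token once and reusing it removes both concerns, for example `const csrfToken = <?= json_encode($csrfToken, JSON_HEX_TAG) ?>;` near the top of the script and `formData.append('csrf_token', csrfToken);` in each handler, where `$csrfToken` stands for however the template obtains the value. The server-side comparison of `csrf_token` does not appear in this commit's visible hunks and should run before the `item` branches whether or not the request is flagged as AJAX.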