diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
new file mode 100644
index 0000000..bf993ee
--- /dev/null
+++ b/.github/workflows/code-quality.yml
@@ -0,0 +1,26 @@
+name: Deploy
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+jobs:
+ format:
+ name: Format
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - name: Use Node.js 16.x
+ uses: actions/setup-node@v2
+ with:
+ node-version: 16.x
+ cache: "npm"
+
+ - run: npm ci
+
+ - run: npx prettier --check .
+# vim: set et ts=2 sw=2:
diff --git a/index.js b/index.js
index a6431cb..50285dd 100755
--- a/index.js
+++ b/index.js
@@ -27,8 +27,8 @@ const handlebars = require("handlebars");
 const port = +process.env.PORT || 8080;
-let app = express();
-let http = app.listen(port);
+const app = express();
+const http = app.listen(port);
 app.set("views", path.join(__dirname, "views"));
 app.engine(
@@ -175,6 +175,24 @@ function flashify(req, obj) {
 return obj;
 }
+app.use((req, res, next) => {
+ if (req.method === "GET") {
+ return next();
+ }
+ let sourceHost = null;
+ if (req.headers.origin) {
+ sourceHost = new URL(req.headers.origin).host;
+ } else if (req.headers.referer) {
+ sourceHost = new URL(req.headers.referer).host;
+ }
+ if (sourceHost !== req.headers.host) {
+ throw new Error(
+ "Origin or Referer header does not match or is missing. Request has been blocked to prevent CSRF"
+ );
+ }
+ next();
+});
+
 app.all("/*", (req, res, next) => {
 res.filename = req.params[0];
diff --git a/package-lock.json b/package-lock.json
index ed25af2..02ca7b4 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "file-manager",
-"version": "0.1.0",
+"version": "0.2.0",
 "lockfileVersion": 2,
 "requires": true,
 "packages": {
 "": {
 "name": "file-manager",
-"version": "0.1.0",
+"version": "0.2.0",
 "dependencies": {
 "@primer/octicons": "^16.1.1",
 "archiver": "^5.3.0",
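Review bot: The new workflow runs with the default GITHUB_TOKEN permissions although the only step that needs the repository is a read-only prettier check; add a top-level `permissions: { contents: read }` so the token is read-only on both the push and pull_request triggers. The workflow is named `Deploy` but deploys nothing; `name: Code quality` would match the file name and the `Format` job. The actions are referenced by mutable major tags (`actions/checkout@v2`, `actions/setup-node@v2`), which also predate the current Node 16/20 runners; pinning each `uses:` to a full commit SHA, or at least a current major, keeps the CI supply chain reproducible.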
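Review bot: A rejected request is signalled with `throw new Error(...)` inside the middleware, which Express turns into a 500 response (with a stack trace outside production) rather than a 403, and `new URL(req.headers.origin)` throws a TypeError on an unparsable value such as `Origin: null`, producing the same 500 instead of a deliberate block. Respond with `res.status(403)` and treat a malformed Origin/Referer as missing, as in the rewrite below. The exemption covers only `GET`; `HEAD` and `OPTIONS` are also non-mutating and CORS preflights would currently be blocked, so consider exempting them too. The comparison target `req.headers.host` is itself a client-supplied header; if the app runs behind a proxy, an explicit allow-list of expected hosts is presumably stronger — confirm against the deployment.
```javascript
app.use((req, res, next) => {
  if (req.method === "GET" || req.method === "HEAD" || req.method === "OPTIONS") {
    return next();
  }
  let sourceHost = null;
  try {
    if (req.headers.origin) {
      sourceHost = new URL(req.headers.origin).host;
    } else if (req.headers.referer) {
      sourceHost = new URL(req.headers.referer).host;
    }
  } catch (err) {
    // An unparsable Origin/Referer (e.g. "null") is treated as missing, not as a server error.
    sourceHost = null;
  }
  if (sourceHost !== req.headers.host) {
    return res
      .status(403)
      .send("Origin or Referer header does not match or is missing. Request has been blocked to prevent CSRF");
  }
  next();
});
```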
diff --git a/package.json b/package.json
index a4b8bda..a58de04 100644
--- a/package.json
+++ b/package.json
@@ -10,6 +10,7 @@
 "file-manager": "index.js"
 },
 "dependencies": {
+"@primer/octicons": "^16.1.1",
 "archiver": "^5.3.0",
 "body-parser": "^1.19.0",
 "bootstrap": "^5.0.0",
@@ -22,7 +23,6 @@
 "jquery": "^3.6.0",
 "node-pty": "^0.10.1",
 "notp": "^2.0.3",
-"@primer/octicons": "^16.1.1",
 "rimraf": "^3.0.2",
 "thirty-two": "^1.0.2",
 "ws": "^8.2.3",