diff --git a/app/controllers/course/basicdata.php b/app/controllers/course/basicdata.php
index eab5f3640bffc0ad9c5fa179b8ae3cbcceb5865e..114bcc8ee9f3ea87f0c72b33017f407945ef3d0f 100644
--- a/app/controllers/course/basicdata.php
+++ b/app/controllers/course/basicdata.php
@@ -612,7 +612,8 @@ class Course_BasicdataController extends AuthenticatedController
 
     public function add_member_action($course_id, $status = 'dozent')
     {
-        CSRFProtection::verifyUnsafeRequest();
+        // We don't need to check the csrf protection at this point since it
+        // is already checked by the multiperson search endpoint
 
         // load MultiPersonSearch object
         $mp = MultiPersonSearch::load("add_member_{$status}{$course_id}");