diff --git a/routers/routes/routes.go b/routers/routes/routes.go
index 16dcbacda..82dc2de9f 100755
--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -267,7 +267,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 	ignSignIn := context.Toggle(&context.ToggleOptions{SignInRequired: setting.Service.RequireSignInView})
 	ignSignInAndCsrf := context.Toggle(&context.ToggleOptions{DisableCSRF: true})
 	reqSignOut := context.Toggle(&context.ToggleOptions{SignOutRequired: true})
-	reqBasicAuth := context.Toggle(&context.ToggleOptions{BasicAuthRequired: true})
+	reqBasicAuth := context.Toggle(&context.ToggleOptions{BasicAuthRequired: true, DisableCSRF: true})
 
 	bindIgnErr := binding.BindIgnErr
 	validation.AddBindingRules()
@@ -1129,7 +1129,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 
 	//secure api,
 	m.Group("/secure", func() {
-		m.Post("/user", bindIgnErr(structs.CreateUserOption{}), apiAdmin.CreateUser)
+		m.Post("/user", binding.Bind(structs.CreateUserOption{}), apiAdmin.CreateUser)
 	}, reqBasicAuth)
 
 	m.Group("/api/internal", func() {