diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java
index 872950ec1..86fd00e8c 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java
@@ -47,11 +47,13 @@ public class CSRFTest extends IntegrationTest {
         uploadTrickHtml("csrf3.html", trickHTML3.replace("WEBGOATURL", url("/csrf/basic-get-flag")));
         checkAssignment3(callTrickHtml("csrf3.html"));
 
+        //Assignment 4
         uploadTrickHtml("csrf4.html", trickHTML4.replace("WEBGOATURL", url("/csrf/review")));
         checkAssignment4(callTrickHtml("csrf4.html"));
 
+        //Assignment 7
         uploadTrickHtml("csrf7.html", trickHTML7.replace("WEBGOATURL", url("/csrf/feedback/message")));
-        //checkAssignment7(callTrickHtml("csrf7.html"));
+        checkAssignment7(callTrickHtml("csrf7.html"));
 
         //checkResults("/csrf");
 
@@ -135,18 +137,22 @@ public class CSRFTest extends IntegrationTest {
         params.clear();
         params.put("{\"name\":\"WebGoat\",\"email\":\"webgoat@webgoat.org\",\"content\":\"WebGoat is the best!!", "\"}");
 
-        String result = RestAssured.given()
+        String flag = RestAssured.given()
                 .when()
                 .relaxedHTTPSValidation()
                 .cookie("JSESSIONID", getWebGoatCookie())
                 .header("Referer", webWolfUrl("/files/fake.html"))
-                .formParams(params)
-                .log().all()
                 .contentType(ContentType.TEXT)
+                .body("{\"name\":\"WebGoat\",\"email\":\"webgoat@webgoat.org\",\"content\":\"WebGoat is the best!!"+ "=\"}")
                 .post(goatURL)
                 .then()
-                .log().all()
                 .extract().asString();
+        flag = flag.substring(9+flag.indexOf("flag is:"));
+        flag = flag.substring(0, flag.indexOf("\""));
+
+        params.clear();
+        params.put("confirmFlagVal", flag);
+        checkAssignment(url("/WebGoat/csrf/feedback"), params, true);
     }
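Review bot: The flag extraction added at the end of checkAssignment7 assumes the marker is present: when the response does not contain "flag is:", `indexOf` returns -1, the first `substring(8)` silently succeeds on the wrong offset, and the following `indexOf("\"")` then fails with a StringIndexOutOfBoundsException that hides the actual server response. Resolve the marker once and fail with the body when it is missing, e.g. `int start = flag.indexOf("flag is:");` / `if (start < 0) { throw new AssertionError("no flag in feedback response: " + flag); }` / `flag = flag.substring(start + "flag is:".length());`, which also replaces the magic `9`. The `params.put("{\"name\"...` context line above the request is now dead, since `.formParams(params)` was removed and the same JSON is re-typed inline in `.body(...)`; drop it or build both from one constant so the two cannot drift apart. The method's closing brace is the last line visible in this hunk, so any trailing context is outside what I can see.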
diff --git a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFFeedback.java b/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFFeedback.java
index edf5bc108..3a436c231 100644
--- a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFFeedback.java
+++ b/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFFeedback.java
@@ -68,7 +68,7 @@ public class CSRFFeedback extends AssignmentEndpoint {
         } catch (IOException e) {
             return failed().feedback(ExceptionUtils.getStackTrace(e)).build();
         }
-        boolean correctCSRF = requestContainsWebGoatCookie(request.getCookies()) && request.getContentType().equals(MediaType.TEXT_PLAIN_VALUE);
+        boolean correctCSRF = requestContainsWebGoatCookie(request.getCookies()) && request.getContentType().contains(MediaType.TEXT_PLAIN_VALUE);
         correctCSRF &= hostOrRefererDifferentHost(request);
         if (correctCSRF) {
             String flag = UUID.randomUUID().toString();
@@ -89,8 +89,8 @@ public class CSRFFeedback extends AssignmentEndpoint {
     }
 
     private boolean hostOrRefererDifferentHost(HttpServletRequest request) {
-        String referer = request.getHeader("referer");
-        String host = request.getHeader("host");
+        String referer = request.getHeader("Referer");
+        String host = request.getHeader("Host");
         if (referer != null) {
             return !referer.contains(host);
         } else {
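Review bot: `request.getContentType()` is still dereferenced without a null check on the changed line of CSRFFeedback, so a POST without a Content-Type header throws a NullPointerException out of the endpoint instead of being reported as not solved; the visible catch only handles IOException. Guard it: `String contentType = request.getContentType();` / `boolean correctCSRF = requestContainsWebGoatCookie(request.getCookies()) && contentType != null && contentType.contains(MediaType.TEXT_PLAIN_VALUE);`. Moving from equals to contains is presumably what lets `text/plain; charset=UTF-8` pass, but a substring match is looser than a media-type comparison; if this is Spring's MediaType, as TEXT_PLAIN_VALUE suggests, `MediaType.parseMediaType(contentType).isCompatibleWith(MediaType.TEXT_PLAIN)` checks the parsed type and ignores parameters. The enclosing method starts outside the hunk.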
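Review bot: Capitalising the header names in hostOrRefererDifferentHost changes nothing at runtime, because HttpServletRequest.getHeader is case-insensitive per the Servlet specification, so the weak comparison underneath survives the commit: `referer.contains(host)` is a raw substring test on the Referer value, and `host` is null when no Host header was sent, which makes that call throw a NullPointerException. Compare parsed host names instead of header substrings, as sketched below (java.net.URI would need to be imported), and treat a malformed Referer as not solved rather than letting the exception escape. The `host` variable is kept because the else branch, which continues outside the hunk, presumably still uses it.
```java
    private boolean hostOrRefererDifferentHost(HttpServletRequest request) {
        String referer = request.getHeader("Referer");
        String host = request.getHeader("Host");
        if (referer != null) {
            String refererHost;
            try {
                refererHost = URI.create(referer).getHost();
            } catch (IllegalArgumentException e) {
                return false; // malformed Referer: not a valid solution, and never an exception to the client
            }
            // compare the parsed host name, not a substring of the raw header
            return refererHost != null && !refererHost.equalsIgnoreCase(request.getServerName());
        } else {
            // … unchanged: Host-header branch …
```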