diff --git a/eveai_app/templates/document/add_document.html b/eveai_app/templates/document/add_document.html index ef997a0..f2632fb 100644 --- a/eveai_app/templates/document/add_document.html +++ b/eveai_app/templates/document/add_document.html @@ -9,6 +9,12 @@ {% block content %}
{{ form.hidden_tag() }} + {# Debug: render CSRF veld expliciet om aanwezigheid in de DOM te garanderen #} + {% if form.csrf_token %}{{ form.csrf_token }}{% endif %} + {% set disabled_fields = [] %} {% set exclude_fields = [] %} {% for field in form.get_static_fields() %} diff --git a/eveai_app/templates/user/tenant_make.html b/eveai_app/templates/user/tenant_make.html index b5c1418..70b53d8 100644 --- a/eveai_app/templates/user/tenant_make.html +++ b/eveai_app/templates/user/tenant_make.html @@ -11,18 +11,18 @@ {{ form.hidden_tag() }} {% set disabled_fields = [] %} {% set exclude_fields = [] %} - {% for field in form.get_static_fields() %} + {% for field in form %} {{ render_field(field, disabled_fields, exclude_fields) }} {% endfor %} - {% for collection_name, fields in form.get_dynamic_fields().items() %} - {% if fields|length > 0 %} -
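Review bot: The added `{% if form.csrf_token %}{{ form.csrf_token }}{% endif %}` in add_document.html sits directly under `{{ form.hidden_tag() }}`, which on a Flask-WTF form already emits the CSRF hidden input, so the page will likely carry two inputs with the same name and id. The comment itself marks the line as debug, so it should come out before merge. If the token really was missing from the DOM with `hidden_tag()` alone, that is the fault to track down rather than something to cover with a second field. If a comment is wanted at all, an English one such as `{# CSRF token is rendered by hidden_tag() above #}` would match the English flash and log messages elsewhere in this diff.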

{{ collection_name }}

- {% endif %} - {% for field in fields %} - {{ render_field(field, disabled_fields, exclude_fields) }} - {% endfor %} - {% endfor %} +{# {% for collection_name, fields in form.get_dynamic_fields().items() %}#} +{# {% if fields|length > 0 %}#} +{#

{{ collection_name }}

#} +{# {% endif %}#} +{# {% for field in fields %}#} +{# {{ render_field(field, disabled_fields, exclude_fields) }}#} +{# {% endfor %}#} +{# {% endfor %}#}
{% endblock %} diff --git a/eveai_app/views/document_views.py b/eveai_app/views/document_views.py index ba1e08b..2eb80de 100644 --- a/eveai_app/views/document_views.py +++ b/eveai_app/views/document_views.py @@ -6,6 +6,7 @@ from flask_security import roles_accepted, current_user from sqlalchemy import desc from sqlalchemy.orm import aliased from werkzeug.utils import secure_filename +from werkzeug.datastructures import CombinedMultiDict from sqlalchemy.exc import SQLAlchemyError import requests from requests.exceptions import SSLError, HTTPError @@ -354,7 +355,17 @@ def handle_retriever_selection(): @document_bp.route('/add_document', methods=['GET', 'POST']) @roles_accepted('Super User', 'Partner Admin', 'Tenant Admin') def add_document(): - form = AddDocumentForm(request.form) + # Log vroege request-info om uploadproblemen te diagnosticeren + try: + current_app.logger.debug( + f"[add_document] method={request.method}, content_type={request.content_type}, " + f"files_keys={list(request.files.keys())}" + ) + except Exception: + pass + + # Bind expliciet zowel form- als file-data aan de form (belangrijk voor FileField & CSRF) + form = AddDocumentForm(CombinedMultiDict([request.form, request.files])) catalog_id = session.get('catalog_id', None) if catalog_id is None: flash('You need to set a Session Catalog before adding Documents or URLs', 'warning') 
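Review bot: `{% for field in form %}` in tenant_make.html iterates every field on the form, and on a FlaskForm that includes the `csrf_token` field that `{{ form.hidden_tag() }}` has already rendered a few lines above. Unless `render_field` skips hidden fields (its definition is not in this diff), the token input is emitted a second time, possibly wrapped in label markup. Filtering in the loop, for example `{% for field in form if field.type != 'CSRFTokenField' %}`, avoids that. The old dynamic-fields loop is left behind as `{# … #}` lines; deleting it keeps the template readable, since the history is in version control.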
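Review bot: Every diagnostic added to add_document() and add_url() is wrapped in `try: … except Exception: pass`, starting with the first block in add_document() here and repeated in the hunks at -364, -400, -407, -417 and -462. Reading `request.method` or `request.files.keys()` does not normally raise, so the handlers mostly add nesting, and where one does fire it hides the very fault the logging is meant to surface. The client controls the field names being logged, so passing them as logger arguments with `%r` keeps a crafted name from breaking up a log line and skips the formatting when DEBUG is off: `current_app.logger.debug("[add_document] method=%s content_type=%s files_keys=%r", request.method, request.content_type, list(request.files))`. Separately, FlaskForm already binds `request.files` together with `request.form` on submit when no formdata is passed, so if AddDocumentForm derives from it (not visible here) a plain `AddDocumentForm()` would be simpler than the explicit `CombinedMultiDict`. The body of add_document() continues past this hunk.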
@@ -364,6 +375,38 @@ def add_document(): if catalog.configuration and len(catalog.configuration) > 0: form.add_dynamic_fields("tagging_fields", catalog.configuration) + current_app.logger.debug("In Add Document") + + # Extra debug logging om CSRF/payload te controleren + try: + current_app.logger.debug( + f"[add_document] request.form keys: {list(request.form.keys())}" + ) + current_app.logger.debug( + f"[add_document] csrf_token in form? {request.form.get('csrf_token') is not None}" + ) + try: + has_csrf_field = hasattr(form, 'csrf_token') + current_app.logger.debug( + f"[add_document] form has csrf field? {has_csrf_field}" + ) + if has_csrf_field: + # Let op: we loggen geen tokenwaarde om lekken te vermijden; enkel aanwezigheid + current_app.logger.debug( + "[add_document] form.csrf_token field is present on form object" + ) + # Bevestig of de CSRF-waarde effectief in de form is gebonden + try: + current_app.logger.debug( + f"[add_document] csrf bound? data_present={bool(form.csrf_token.data)} field_name={getattr(form.csrf_token, 'name', None)}" + ) + except Exception: + pass + except Exception: + pass + except Exception: + pass + if form.validate_on_submit(): try: current_app.logger.info(f'Adding Document for {catalog_id}') 
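Review bot: The CSRF diagnostics added before `form.validate_on_submit()` run to about thirty lines with three nested `try` blocks, and the hunk at -417 repeats a shorter copy for add_url(). Keeping the token value out of the log is the right call and should be preserved. The presence checks themselves fit in one helper that both views call, which also makes the scaffolding easy to remove once the upload problem is understood. `current_app.logger.debug("In Add Document")` adds nothing the tagged messages do not already say and can go. add_document() starts and ends outside this hunk.

```python
def _log_csrf_state(tag, form):
    """Log whether a CSRF token was posted and bound; never log its value."""
    field = getattr(form, 'csrf_token', None)
    current_app.logger.debug(
        "[%s] csrf posted=%s field_present=%s data_present=%s",
        tag,
        'csrf_token' in request.form,
        field is not None,
        bool(field.data) if field is not None else False,
    )

    # … unchanged: catalog lookup and form.add_dynamic_fields(...) …
    _log_csrf_state('add_document', form)
    if form.validate_on_submit():
```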
@@ -400,6 +443,25 @@ def add_document(): except Exception as e: current_app.logger.error(f'Error adding document: {str(e)}') flash('An error occurred while adding the document.', 'danger') + else: + # Toon en log validatiefouten als de submit faalt + if request.method == 'POST': + try: + current_app.logger.warning( + f"[add_document] form validation failed. errors={getattr(form, 'errors', {})}" + ) + current_app.logger.debug( + f"[add_document] request.files keys after validation: {list(request.files.keys())}" + ) + current_app.logger.debug( + f"[add_document] request.form keys after validation: {list(request.form.keys())}" + ) + current_app.logger.debug( + f"[add_document] csrf_token in form after validation? {request.form.get('csrf_token') is not None}" + ) + except Exception: + pass + form_validation_failed(request, form) return render_template('document/add_document.html', form=form) @@ -407,7 +469,16 @@ def add_document(): @document_bp.route('/add_url', methods=['GET', 'POST']) @roles_accepted('Super User', 'Partner Admin', 'Tenant Admin') def add_url(): - form = AddURLForm(request.form) + # Log vroege request-info om submitproblemen te diagnosticeren + try: + current_app.logger.debug( + f"[add_url] method={request.method}, content_type={request.content_type}, files_keys={list(request.files.keys())}" + ) + except Exception: + pass + + # Bind expliciet zowel form- als file-data (consistentie en duidelijkheid) + form = AddURLForm(CombinedMultiDict([request.form, request.files])) catalog_id = session.get('catalog_id', None) if catalog_id is None: flash('You need to set a Session Catalog before adding Documents or URLs', 'warning') 
@@ -417,6 +488,15 @@ def add_url(): if catalog.configuration and len(catalog.configuration) > 0: form.add_dynamic_fields("tagging_fields", catalog.configuration) url="" + # Kleine debug om te zien of CSRF aan de form gebonden is + try: + if hasattr(form, 'csrf_token'): + current_app.logger.debug( + f"[add_url] csrf bound? data_present={bool(form.csrf_token.data)} field_name={getattr(form.csrf_token, 'name', None)}" + ) + except Exception: + pass + if form.validate_on_submit(): try: tenant_id = session['tenant']['id'] @@ -462,6 +542,15 @@ def add_url(): except Exception as e: current_app.logger.error(f'Error adding document: {str(e)}') flash('An error occurred while adding the document.', 'danger') + else: + if request.method == 'POST': + try: + current_app.logger.warning( + f"[add_url] form validation failed. errors={getattr(form, 'errors', {})}" + ) + except Exception: + pass + form_validation_failed(request, form) return render_template('document/add_url.html', form=form) diff --git a/eveai_app/views/user_forms.py b/eveai_app/views/user_forms.py index 319f9ac..191145f 100644 --- a/eveai_app/views/user_forms.py +++ b/eveai_app/views/user_forms.py @@ -177,7 +177,7 @@ def validate_make_name(form, field): raise ValidationError(f'A Make with name "{field.data}" already exists. Choose another name.') -class TenantMakeForm(DynamicFormBase): +class TenantMakeForm(FlaskForm): name = StringField('Name', validators=[DataRequired(), Length(max=50), validate_make_name]) description = TextAreaField('Description', validators=[Optional()]) active = BooleanField('Active', validators=[Optional()], default=True) diff --git a/eveai_app/views/user_views.py b/eveai_app/views/user_views.py index 60c8fa3..4097a43 100644 --- a/eveai_app/views/user_views.py +++ b/eveai_app/views/user_views.py 
@@ -571,10 +571,12 @@ def delete_tenant_project(tenant_project_id): @roles_accepted('Super User', 'Partner Admin', 'Tenant Admin') def tenant_make(): form = TenantMakeForm() - customisation_config = cache_manager.customisations_config_cache.get_config("CHAT_CLIENT_CUSTOMISATION") - default_customisation_options = create_default_config_from_type_config(customisation_config["configuration"]) + current_app.logger.debug(f"ìn tenant_make view") + # customisation_config = cache_manager.customisations_config_cache.get_config("CHAT_CLIENT_CUSTOMISATION") + # default_customisation_options = create_default_config_from_type_config(customisation_config["configuration"]) if form.validate_on_submit(): + current_app.logger.debug(f"in tenant_make form validate") tenant_id = session['tenant']['id'] new_tenant_make = TenantMake() form.populate_obj(new_tenant_make) @@ -596,6 +598,8 @@ def tenant_make(): flash(f'Failed to add Tenant Make. Error: {e}', 'danger') current_app.logger.error(f'Failed to add Tenant Make {new_tenant_make.name}' f'for tenant {tenant_id}. Error: {str(e)}') + else: + flash('Please fill in all required fields.', 'information') return render_template('user/tenant_make.html', form=form)
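Review bot: The two customisation lines in tenant_make() are commented out rather than removed; if `default_customisation_options` is still read in the part of the function between this hunk and the next (not visible here), the view will now raise NameError on submit. If the options are really gone, delete the lines instead of leaving them as comments. The new `current_app.logger.debug(f"ìn tenant_make view")` has a stray accent in `ìn` and an `f` prefix with nothing to interpolate; `current_app.logger.debug("in tenant_make view")` is what was meant, and the `f` prefix can likewise be dropped from the `f"in tenant_make form validate"` line.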
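Review bot: The added `else:` appears to pair with `if form.validate_on_submit():` (indentation is lost in this rendering), in which case `flash('Please fill in all required fields.', 'information')` also fires on the initial GET, before the user has submitted anything. add_document() and add_url() in this same commit guard their failure branch with `if request.method == 'POST':` and call `form_validation_failed(request, form)`, which reports the actual errors. Doing the same here keeps the views consistent and avoids telling the user to fill in required fields when the real failure is, for example, a duplicate Make name or a rejected CSRF token. The category `'information'` also differs from the `'warning'` and `'danger'` used elsewhere in the diff, so check that the template maps it to a style.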