diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 09705d1..7d14012 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,2 +1,13 @@
 class ApplicationController < ActionController::Base
+    after_action :set_csrf_cookie
+
+    private
+
+    def set_csrf_cookie
+      cookies["csrf-token"] = {
+        value: form_authenticity_token,
+        secure: Rails.env.production?,
+        same_site: :strict,
+      }
+    end
 end
diff --git a/app/controllers/guests_controller.rb b/app/controllers/guests_controller.rb
index aa23e4b..6272dd9 100644
--- a/app/controllers/guests_controller.rb
+++ b/app/controllers/guests_controller.rb
@@ -75,6 +75,11 @@ class GuestsController < ApplicationController
     redirect_to guests_url
   end
 
+  def bulk_update
+    Guest.where(id: params[:guest_ids]).update!(params.require(:properties).permit(:status))
+    render json: {}, status: :ok
+  end
+
   private
 
   # Use callbacks to share common setup or constraints between actions.
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 794f390..f39246f 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -73,4 +73,6 @@ Rails.application.configure do
 
   # Raise error when a before_action's only/except options reference missing actions
   config.action_controller.raise_on_missing_callback_actions = true
+
+  config.hosts << "libre-wedding-planner.app.localhost"
 end
diff --git a/config/routes.rb b/config/routes.rb
index 6e4d17b..d1697bc 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -2,6 +2,7 @@ Rails.application.routes.draw do
   resources :groups, only: :index
   resources :guests do
     post :import, on: :collection
+    post :bulk_update, on: :collection
   end
   resources :expenses
   resources :tables_arrangements, only: [:index, :show]