diff --git a/program/steps/mail/show.inc b/program/steps/mail/show.inc
index 9f7678e26..37eaa36d9 100644
--- a/program/steps/mail/show.inc
+++ b/program/steps/mail/show.inc
@@ -609,6 +609,7 @@ function rcmail_message_body($attrib)
     $safe_mode = $MESSAGE->is_safe || intval($_GET['_safe']);
     $out       = '';
     $part_no   = 0;
+    $token     = $RCMAIL->get_request_token();
 
     $header_attrib = array();
     foreach ($attrib as $attr => $value) {
@@ -647,7 +648,7 @@ function rcmail_message_body($attrib)
                 // #1487424: we need up to 10x more memory than the body
                 else if (!rcube_utils::mem_check($part->size * 10)) {
                     $out .= html::span('part-notice', $RCMAIL->gettext('messagetoobig'). ' '
-                        . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part='.$part->mime_id
+                        . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_token='.$token.'&_part='.$part->mime_id
                             .'&_mbox='. urlencode($MESSAGE->folder), $RCMAIL->gettext('download')));
                     continue;
                 }
@@ -698,7 +699,7 @@ function rcmail_message_body($attrib)
         // #1487424: we need up to 10x more memory than the body
         if (!rcube_utils::mem_check(strlen($MESSAGE->body) * 10)) {
             $out .= html::span('part-notice', $RCMAIL->gettext('messagetoobig'). ' '
-                . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part=0'
+                . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_token='.$token.'&_part=0'
                     .'&_mbox='. urlencode($MESSAGE->folder), $RCMAIL->gettext('download')));
         }
         else {