diff --git a/.travis.yml b/.travis.yml
index 4d53987..3756708 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,4 +4,5 @@ rvm:
   - 2.4
   - 2.5
   - 2.6
+  - 3.2
 script: bundle exec rspec
diff --git a/Gemfile b/Gemfile
index 2119b36..88f3cf4 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,4 +1,4 @@
 source 'https://rubygems.org'
 
-# Specify your gem's dependencies in omniauth-nordea.gemspec
-gemspec
\ No newline at end of file
+# Specify your gem's dependencies in omniauth-seb-elink.gemspec
+gemspec
diff --git a/README.md b/README.md
index e6539c9..b39239b 100644
--- a/README.md
+++ b/README.md
@@ -2,20 +2,22 @@
 
 Omniauth strategy for using SEB e-link as an authentication service provider.
 
-[![Build Status](https://travis-ci.org/mak-it/omniauth-seb-elink.svg?branch=master)](https://travis-ci.org/mak-it/omniauth-seb-elink)
+[![Build Status](https://travis-ci.org/mitigate-dev/omniauth-seb-elink.svg?branch=master)](https://travis-ci.org/mitigate-dev/omniauth-seb-elink)
 
 Supported Ruby versions: 2.2+
 
 ## Related projects
-- [omniauth-citadele](https://github.com/mak-it/omniauth-citadele) - strategy for authenticating with Citadele
-- [omniauth-dnb](https://github.com/mak-it/omniauth-dnb) - strategy for authenticating with DNB
-- [omniauth-nordea](https://github.com/mak-it/omniauth-nordea) - strategy for authenticating with Nordea
-- [omniauth-swedbank](https://github.com/mak-it/omniauth-swedbank) - strategy for authenticating with Swedbank
+
+- [omniauth-citadele](https://github.com/mitigate-dev/omniauth-citadele) - strategy for authenticating with Citadele
+- [omniauth-dnb](https://github.com/mitigate-dev/omniauth-dnb) - strategy for authenticating with DNB
+- [omniauth-nordea](https://github.com/mitigate-dev/omniauth-nordea) - strategy for authenticating with Nordea
+- [omniauth-swedbank](https://github.com/mitigate-dev/omniauth-swedbank) - strategy for authenticating with Swedbank
 
 ## Installation
 
-Add this line to your application's Gemfile:
+Add these lines to your application's Gemfile (omniauth-rails_csrf_protection is required if using Rails):
 
+    gem 'omniauth-rails_csrf_protection'
     gem 'omniauth-seb-elink'
 
 And then execute:
@@ -24,7 +26,7 @@ And then execute:
 
 Or install it yourself as:
 
-    $ gem install omniauth-seb-elink
+    $ gem install omniauth-rails_csrf_protection omniauth-seb-elink
 
 ## Usage
 
diff --git a/lib/omniauth/strategies/seb.rb b/lib/omniauth/strategies/seb.rb
index a749be1..c89b15d 100644
--- a/lib/omniauth/strategies/seb.rb
+++ b/lib/omniauth/strategies/seb.rb
@@ -12,6 +12,14 @@ class ValidationError < StandardError; end
 
       include OmniAuth::Strategy
 
+      def self.render_nonce?
+         defined?(ActionDispatch::ContentSecurityPolicy::Request) != nil
+      end
+      if render_nonce?
+        include ActionDispatch::ContentSecurityPolicy::Request
+        delegate :get_header, :set_header, to: :request
+      end
+
       args [:public_crt, :snd_id]
 
       option :public_crt, nil
@@ -62,24 +70,49 @@ def callback_phase
       def request_phase
         fail!(:invalid_snd_id) if options.snd_id.nil?
 
+        set_locale_from_query_param
+
         message = OmniAuth::Strategies::Seb::Message.new(
           'IB_SND_ID': options.snd_id,
           'IB_SERVICE': AUTH_SERVICE,
-          'IB_LANG': 'LAT'
+          'IB_LANG': resolve_bank_ui_language
         )
 
         # Build redirect form
         form = OmniAuth::Form.new(title: I18n.t('omniauth.seb.please_wait'), url: options.site)
 
         message.each_pair do |k,v|
-          form.html "<input type=\"hidden\" name=\"#{k}\" value=\"#{v}\" />"
+          form.html "<input type=\"hidden\" name=\"#{escape(k.to_s)}\" value=\"#{escape(v)}\" />"
         end
 
         form.button I18n.t('omniauth.seb.click_here_if_not_redirected')
+        nonce_attribute = nil
+        if self.class.render_nonce?
+          nonce_attribute = " nonce='#{escape(content_security_policy_nonce)}'"
+        end
         form.instance_variable_set('@html',
-          form.to_html.gsub('</form>', '</form><script type="text/javascript">document.forms[0].submit();</script>'))
+          form.to_html.gsub('</form>', "</form><script type=\"text/javascript\"#{nonce_attribute}>document.forms[0].submit();</script>"))
         form.to_response
       end
+
+      private
+
+      def set_locale_from_query_param
+        locale = request.params['locale']
+        I18n.locale = locale if I18n.locale_available?(locale)
+      end
+
+      def resolve_bank_ui_language
+        case I18n.locale
+        when :ru then 'RUS'
+        when :en then 'ENG'
+        else 'LAT'
+        end
+      end
+
+      def escape(html_attribute_value)
+         CGI.escapeHTML(html_attribute_value) unless html_attribute_value.nil?
+      end
     end
   end
 end
diff --git a/lib/omniauth/strategies/seb/response.rb b/lib/omniauth/strategies/seb/response.rb
index adf302b..78b4164 100644
--- a/lib/omniauth/strategies/seb/response.rb
+++ b/lib/omniauth/strategies/seb/response.rb
@@ -22,8 +22,12 @@ def validate!(pub_key)
           raw_str = SIGNED_KEYS.map{|k| prepend_length(@hash[k])}.join
           received_sig_str = Base64.decode64(@hash['IB_CRC'])
 
-          if !pub_key.verify(OpenSSL::Digest::SHA1.new, received_sig_str, raw_str)
-            raise ValidationError, 'Invalid signature'
+          if !pub_key.verify(OpenSSL::Digest::SHA512.new, received_sig_str, raw_str)
+            if !pub_key.verify(OpenSSL::Digest::SHA1.new, received_sig_str, raw_str)
+              raise ValidationError, 'Invalid signature'
+            else
+              OmniAuth.logger.debug('Received message with old SHA1 signature from SEB')
+            end
           end
 
           self
diff --git a/omniauth-seb-elink.gemspec b/omniauth-seb-elink.gemspec
index 8a10b1e..7d2f9d6 100644
--- a/omniauth-seb-elink.gemspec
+++ b/omniauth-seb-elink.gemspec
@@ -6,11 +6,11 @@ require 'omniauth/seb/version'
 Gem::Specification.new do |gem|
   gem.name          = 'omniauth-seb-elink'
   gem.version       = Omniauth::Seb::VERSION
-  gem.authors       = ['MAK IT']
-  gem.email         = ['admin@makit.lv']
+  gem.authors       = ['Mitigate']
+  gem.email         = ['admin@mitigate.dev']
   gem.description   = %q{OmniAuth strategy for SEB e-link}
   gem.summary       = %q{OmniAuth strategy for SEB e-link}
-  gem.homepage      = 'https://github.com/mak-it/omniauth-seb-elink'
+  gem.homepage      = 'https://github.com/mitigate-dev/omniauth-seb-elink'
   gem.license       = 'MIT'
 
   gem.files         = `git ls-files`.split($/)
@@ -20,7 +20,7 @@ Gem::Specification.new do |gem|
 
   gem.required_ruby_version = '>= 2.2.2'
 
-  gem.add_runtime_dependency 'omniauth', '~> 1.0'
+  gem.add_runtime_dependency 'omniauth', '~> 2.1'
   gem.add_runtime_dependency 'i18n'
 
   gem.add_development_dependency 'rack-test'
diff --git a/spec/omniauth/strategies/seb_spec.rb b/spec/omniauth/strategies/seb_spec.rb
index 8d0d206..e61456e 100644
--- a/spec/omniauth/strategies/seb_spec.rb
+++ b/spec/omniauth/strategies/seb_spec.rb
@@ -1,4 +1,5 @@
 require 'spec_helper'
+require 'rack-protection'
 
 describe OmniAuth::Strategies::Seb do
   PUBLIC_CRT = File.read(File.join(RSpec.configuration.cert_folder, 'response.public.pem'))
@@ -10,8 +11,17 @@
     b.run lambda{|env| [404, {}, ['Not Found']]}
   end.to_app }
 
+  let(:token){ Rack::Protection::AuthenticityToken.random_token }
+
   context 'request phase' do
-    before(:each) { get '/auth/seb' }
+    before(:each) do
+      post(
+        '/auth/seb',
+        {},
+        'rack.session' => {csrf: token},
+        'HTTP_X_CSRF_TOKEN' => token
+      )
+    end
 
     it 'displays a single form' do
       expect(last_response.status).to eq(200)
@@ -25,7 +35,7 @@
     EXPECTED_VALUES = {
       'IB_SND_ID': SND_ID,
       'IB_SERVICE': OmniAuth::Strategies::Seb::AUTH_SERVICE,
-      'IB_LANG': 'LAT'
+      'IB_LANG': 'ENG'
     }
 
     EXPECTED_VALUES.each_pair do |k,v|