diff --git a/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb b/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb
index 6fcb3b3882c6..149cf77e6d86 100644
--- a/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb
+++ b/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb
@@ -8,8 +8,6 @@ module Admin
       class QuestionnaireTemplatesController < Decidim::Templates::Admin::ApplicationController
         include Decidim::TranslatableAttributes
 
-        skip_before_action :verify_authenticity_token, only: :preview
-
         helper_method :template
 
         def index
diff --git a/decidim-templates/app/packs/src/decidim/templates/admin/choose_template.js b/decidim-templates/app/packs/src/decidim/templates/admin/choose_template.js
index a363914c451f..45299162b872 100644
--- a/decidim-templates/app/packs/src/decidim/templates/admin/choose_template.js
+++ b/decidim-templates/app/packs/src/decidim/templates/admin/choose_template.js
@@ -13,16 +13,10 @@ $(() => {
       return;
     }
     const params = new URLSearchParams({ id: id });
-    fetch(`${previewURL}?${params.toString()}`, {
-      method: "GET",
-      headers: { "Content-Type": "application/json" }
-    }).then((response) => response.text()).then((data) => {
-      const script = document.createElement("script");
-      script.type = "text/javascript";
-      script.innerHTML = data;
-      document.getElementsByTagName("head")[0].appendChild(script);
-    }).catch((error) => {
-      console.error(error); // eslint-disable-line no-console
+    Rails.ajax({
+      url: `${previewURL}?${params.toString()}`,
+      type: "GET",
+      error: (data) => (console.error(data))
     });
   }