diff --git a/addons/website_sale_quote/controllers/main.py b/addons/website_sale_quote/controllers/main.py
index 120b644bc87..083175ca014 100644
--- a/addons/website_sale_quote/controllers/main.py
+++ b/addons/website_sale_quote/controllers/main.py
@@ -78,11 +78,13 @@ class sale_quote(http.Controller):
         return True
 
     @website.route(['/quote/update_line'], type='json', auth="public")
-    def update(self, line_id=None, remove=False, unlink=False, order_id=None, **post):
+    def update(self, line_id=None, remove=False, unlink=False, order_id=None, token=None, **post):
+        order = request.registry.get('sale.order').browse(request.cr, SUPERUSER_ID, int(order_id))
+        assert token == order.access_token, 'Access denied, wrong token!'
         if unlink:
-            return request.registry.get('sale.order.line').unlink(request.cr, SUPERUSER_ID, [int(line_id)], context=request.context)
+            request.registry.get('sale.order.line').unlink(request.cr, SUPERUSER_ID, [int(line_id)], context=request.context)
+            return False
         val = self._update_order_line(line_id=int(line_id), number=(remove and -1 or 1))
-        order = request.registry.get('sale.order').browse(request.cr, SUPERUSER_ID, order_id)
         return [str(val), str(order.amount_total)]
 
     def _update_order_line(self, line_id, number):
@@ -93,24 +95,31 @@ class sale_quote(http.Controller):
         return quantity
 
     @website.route(["/template/<model('sale.quote.template'):quote>"], type='http', auth="public")
-    def template_view(self, quote=None, **post):
+    def template_view(self, quote, **post):
         values = {
             'template': quote,
         }
         return request.website.render('website_sale_quote.so_template', values)
         
-    @website.route(['/quote/add_line'], type='json', auth="public")
-    def add(self, option=None, order=None, product=None, **post):
+    @website.route(["/quote/add_line/<int:option_id>/<int:order_id>/<token>"], type='http', auth="public")
+    def add(self, option_id, order_id, token, **post):
         vals = {}
-        product_obj = request.registry.get('product.product').browse(request.cr, SUPERUSER_ID, int(product), context=request.context)
+        order = request.registry.get('sale.order').browse(request.cr, SUPERUSER_ID, order_id)
+        assert token == order.access_token, 'Access denied, wrong token!'
+        option_obj = request.registry.get('sale.option.line')
+        option = option_obj.browse(request.cr, SUPERUSER_ID, option_id)
         vals.update({
-            'price_unit': product_obj.list_price,
-            'website_description': product_obj.website_description,
-            'name': product_obj.name,
-            'order_id': int(order),
-            'product_id' : product_obj.id,
+            'price_unit': option.product_id.list_price,
+            'website_description': option.product_id.website_description,
+            'name': option.product_id.name,
+            'order_id': order.id,
+            'product_id' : option.product_id.id,
+            'product_uom_qty': option.quantity,
+            'product_uom_id': option.uom_id.id,
+            'discount': option.discount,
         })
-        new = request.registry.get('sale.order.line').create(request.cr, SUPERUSER_ID, vals, context=request.context)
-        request.registry.get('sale.option.line').write(request.cr, SUPERUSER_ID, [int(option)], {'add_to_line': True}, context=request.context)
-        return [new]
+        line = request.registry.get('sale.order.line').create(request.cr, SUPERUSER_ID, vals, context=request.context)
+        option_obj.write(request.cr, SUPERUSER_ID, [option.id], {'line_id': line}, context=request.context)
+        return werkzeug.utils.redirect("/quote/%s/%s" % (order.id, token))
+
 
diff --git a/addons/website_sale_quote/models/order.py b/addons/website_sale_quote/models/order.py
index fe463c45a8f..f643863d3be 100644
--- a/addons/website_sale_quote/models/order.py
+++ b/addons/website_sale_quote/models/order.py
@@ -132,11 +132,18 @@ class sale_option_line(osv.osv):
     _description = "Sale Options"
     _columns = {
         'option_id': fields.many2one('sale.order', 'Sale Order Reference', required=True, ondelete='cascade', select=True),
+        'line_id': fields.many2one('sale.order.line', on_delete="set null"),
         'name': fields.text('Description', required=True),
         'product_id': fields.many2one('product.product', 'Product', domain=[('sale_ok', '=', True)], change_default=True),
         'website_description': fields.html('Line Description'),
         'price_unit': fields.float('Unit Price', required=True),
-        'add_to_line': fields.boolean('Add to Line'),
+        'discount': fields.float('Discount (%)'),
+        'uom_id': fields.many2one('product.uom', 'Unit of Measure ', required=True),
+        'quantity': fields.float('Quantity', required=True),
+    }
+    
+    _defaults = {
+        'quantity': 1,
     }
 
     def on_change_product_id(self, cr, uid, ids, product, context=None):
@@ -146,6 +153,7 @@ class sale_option_line(osv.osv):
             'price_unit': product_obj.list_price,
             'website_description': product_obj.website_description,
             'name': product_obj.name,
+            'uom_id': product_obj.product_tmpl_id.uom_id.id,
         })
         return {'value': vals}
 
diff --git a/addons/website_sale_quote/sale_quote_view.xml b/addons/website_sale_quote/sale_quote_view.xml
index 8fb9baaac0b..cd0ed80edbc 100644
--- a/addons/website_sale_quote/sale_quote_view.xml
+++ b/addons/website_sale_quote/sale_quote_view.xml
@@ -10,16 +10,21 @@
                     <button name="open_quotation" string="View Quotation" type="object"
                         attrs="{'invisible': [('template_id','=',False)]}"/>
                 </xpath>
-                <xpath expr="//field[@name='order_line']" position="after">
-                    <label string="Optional Products &amp; Services" for="options"/>
-                    <field name="options">
-                        <tree string="Sales Quote Template Lines" editable="bottom">
-                                <field name="product_id" on_change="on_change_product_id(product_id)"/>
-                                <field name="name"/>
-                                <field name="price_unit"/>
-                                <field name="website_description" invisible="1"/>
-                        </tree>
-                    </field>
+                <xpath expr="//page[@string='Order Lines']" position="after">
+                    <page string="Option">
+                        <label string="Optional Products &amp; Services" for="options"/>
+                        <field name="options">
+                            <tree string="Sales Quote Template Lines" editable="bottom">
+                                    <field name="product_id" on_change="on_change_product_id(product_id)"/>
+                                    <field name="name"/>
+                                    <field name="quantity"/>
+                                    <field name="uom_id"/>
+                                    <field name="price_unit"/>
+                                    <field name="discount"/>
+                                    <field name="website_description" invisible="1"/>
+                            </tree>
+                        </field>
+                    </page>
                 </xpath>
                 <xpath expr="//field[@name='client_order_ref']" position="after">
                     <field name="template_id" on_change="onchange_template_id(template_id)"/>
diff --git a/addons/website_sale_quote/static/src/js/sale_quote.js b/addons/website_sale_quote/static/src/js/sale_quote.js
index 97345d2255f..29bdcbc1f31 100644
--- a/addons/website_sale_quote/static/src/js/sale_quote.js
+++ b/addons/website_sale_quote/static/src/js/sale_quote.js
@@ -3,11 +3,13 @@ $(document).ready(function () {
         ev.preventDefault();
         var $link = $(ev.currentTarget);
         var href = $link.attr("href");
-        var order_id = $link.attr("href").match(/order_id=([0-9]+)/);
+        var order_id = href.match(/order_id=([0-9]+)/);
         var line_id = href.match(/update_line\/([0-9]+)/);
+        var token = href.match(/token=(.*)/);
         openerp.jsonRpc("/quote/update_line/", 'call', {
                 'line_id': line_id[1],
                 'order_id': parseInt(order_id[1]),
+                'token': token[1],
                 'remove': $link.is('[href*="remove"]'),
                 'unlink': $link.is('[href*="unlink"]')
                 })
@@ -20,23 +22,5 @@ $(document).ready(function () {
                 });
         return false;
     });
-
-    $('a.js_add_line_json').on('click', function (ev) {
-        ev.preventDefault();
-        var $link = $(ev.currentTarget);
-        var href = $link.attr("href");
-        var order = $link.attr("href").match(/order=([0-9]+)/);
-        var option = href.match(/add_line\/([0-9]+)/);
-        var product = $link.attr("href").match(/product=([0-9]+)/);
-        openerp.jsonRpc("/quote/add_line/", 'call', {
-                'option': option[1],
-                'order': order[1],
-                'product': product[1],
-                })
-                .then(function (data) {
-                    location.reload();
-                });
-        return false;
-    });
 });
 //vim:et fdc=0 fdl=0 foldnestmax=3 fdm=syntax:
diff --git a/addons/website_sale_quote/views/website_sale_quote.xml b/addons/website_sale_quote/views/website_sale_quote.xml
index 10ea8a6a1ce..e65e75881bb 100644
--- a/addons/website_sale_quote/views/website_sale_quote.xml
+++ b/addons/website_sale_quote/views/website_sale_quote.xml
@@ -18,6 +18,9 @@
                             <td>
                                 <div t-field="line.name"/>
                             </td>
+                            <td>
+                                <div t-field="line.tax_id"/>
+                            </td>
                             <td>
                                 <div id="quote_qty">
                                     <t t-esc="line.product_uom_qty"/>
@@ -41,7 +44,7 @@
                                     t-field-options='{"widget": "monetary", "display_currency": "quotation.pricelist_id.currency_id"}'/>
                             </td>
                             <td>
-                                <a t-href="./update_line/#{ line.id }/?order_id=#{ quotation.id }&amp;unlink=True" class="mb8 js_update_line_json pull-right">
+                                <a t-href="./update_line/#{ line.id }/?order_id=#{ quotation.id }&amp;unlink=True&amp;token=#{ quotation.access_token }" class="mb8 js_update_line_json pull-right">
                                     <span class="fa fa-trash-o"></span>
                                 </a>
                             </td>
@@ -70,13 +73,13 @@
             <xpath expr="//div[@id='quote_qty']" position="replace">
                 <div class="input-group">
                     <span class="input-group-addon">
-                        <a t-href="./update_line/#{ line.id }/?order_id=#{ quotation.id }&amp;remove=True" class="mb8 js_update_line_json">
+                        <a t-href="./update_line/#{ line.id }/?order_id=#{ quotation.id }&amp;remove=True&amp;token=#{ quotation.access_token }" class="mb8 js_update_line_json">
                             <span class="fa fa-minus"/>
                         </a>
                     </span>
                     <input type="text" class="js_quantity form-control" t-att-data-id="line.id" t-att-value="line.product_uom_qty"/>
                     <span class="input-group-addon">
-                        <a t-href="./update_line/#{ line.id }/?order_id=#{ quotation.id }" class="mb8 js_update_line_json">
+                        <a t-href="./update_line/#{ line.id }/?order_id=#{ quotation.id }&amp;token=#{ quotation.access_token }" class="mb8 js_update_line_json">
                             <span class="fa fa-plus"/>
                         </a>
                     </span>
@@ -291,13 +294,13 @@
                 <h3>Optional Products &amp; Services:</h3>
                 <div class='row mt16'>
                     <t t-foreach="quotation.options" t-as="option">
-                        <t t-if="not option.add_to_line">
+                        <t t-if="not option.line_id">
                             <div class='col-md-2 thumbnail' style='width: 170px; margin-right: 16px;'>
                                 <div class='mt16 text-center'>
                                     <a href="#" t-field="option.product_id.name"/>
                                     <span t-field="option.product_id.image_small" t-field-options='{"widget": "image", "class": "img-rounded"}'/>
                                 </div>
-                                <a type="submit" t-href="./add_line/#{ option.id }/?order=#{ quotation.id }&amp;product=#{option.product_id.id}" class="btn btn-primary btn-xs js_add_line_json">Add To Quotation
+                                <a t-href="/quote/add_line/#{ option.id }/#{ quotation.id }/#{ quotation.access_token }" class="btn btn-primary btn-xs">Add To Quotation
                                 </a>
                             </div>
                         </t>