diff --git a/src/middleware/csrf.js b/src/middleware/csrf.js
index f6af0c625b..d2c1ff0b4a 100644
--- a/src/middleware/csrf.js
+++ b/src/middleware/csrf.js
@@ -11,6 +11,8 @@ const {
 			return req.headers['x-csrf-token'];
 		} else if (req.body.csrf_token) {
 			return req.body.csrf_token;
+		} else if (req.query) {
+			return req.query._csrf;
 		}
 	},
 	size: 64,