diff --git a/src/middleware/csrf.js b/src/middleware/csrf.js
index e81c1ef200..f6af0c625b 100644
--- a/src/middleware/csrf.js
+++ b/src/middleware/csrf.js
@@ -9,8 +9,8 @@ const {
 getTokenFromRequest: (req) => {
 if (req.headers['x-csrf-token']) {
 return req.headers['x-csrf-token'];
- } else if (req.query) {
- return req.query._csrf;
+ } else if (req.body.csrf_token) {
+ return req.body.csrf_token;
 }
 },
 size: 64,
diff --git a/src/routes/authentication.js b/src/routes/authentication.js
index 62c1e15363..df7e33138b 100644
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@@ -172,7 +172,7 @@ Auth.reloadRoutes = async function (params) {
 router.post('/register', middlewares, controllers.authentication.register);
 router.post('/register/complete', middlewares, controllers.authentication.registerComplete);
- router.post('/register/abort', Auth.middleware.applyCSRF, controllers.authentication.registerAbort);
+ router.post('/register/abort', middlewares, controllers.authentication.registerAbort);
 router.post('/login', Auth.middleware.applyCSRF, Auth.middleware.applyBlacklist, controllers.authentication.login);
 router.post('/logout', Auth.middleware.applyCSRF, controllers.authentication.logout);
 };
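Review bot: The new branch `req.body.csrf_token` dereferences `req.body` without a guard, so a request that reaches this middleware with no parsed body (a body parser not mounted ahead of it, or a content type it does not handle) throws a TypeError instead of simply yielding no token; the replaced branch at least tested `req.query` before indexing into it. Guard the access, `} else if (req.body?.csrf_token) {` / `return req.body.csrf_token;`, or `req.body && req.body.csrf_token` if this file does not yet use optional chaining. Reading the token from the body rather than the query string is the right direction, since query parameters end up in access logs and Referer headers, but it presumably depends on body parsing running first — worth confirming in the middleware order. The enclosing `const {` object literal starts and ends outside the hunk.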
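Review bot: Swapping `Auth.middleware.applyCSRF` for `middlewares` on the `/register/abort` route only keeps the CSRF check if `middlewares` contains it, and that array is declared above the hunk, so it cannot be confirmed from this diff. Please verify it includes `Auth.middleware.applyCSRF` — `/login` and `/logout` on the lines below still name it explicitly, which suggests the two route groups are protected by different paths — and if it does, a short comment where `middlewares` is built, `// must include applyCSRF: /register, /register/complete and /register/abort rely on it`, would keep a future edit from silently dropping the protection from a state-changing route. The enclosing `Auth.reloadRoutes` function starts outside the hunk.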