From 4f6442a6adf52fd88b2e2241e2e4a996e463707a Mon Sep 17 00:00:00 2001
From: Georges-Antoine Assi <contact@me.gantoine.com>
Date: Tue, 18 Nov 2025 16:56:10 -0500
Subject: [PATCH] catch typeerror in csrf token and return false

---
 backend/handler/auth/middleware/csrf_middleware.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/handler/auth/middleware/csrf_middleware.py b/backend/handler/auth/middleware/csrf_middleware.py
index 68f626192..09168dc09 100644
--- a/backend/handler/auth/middleware/csrf_middleware.py
+++ b/backend/handler/auth/middleware/csrf_middleware.py
@@ -160,7 +160,7 @@ class CSRFMiddleware:
                 and decoded_doc_cookie["user_id"] == user_id
                 and decoded_header_cookie["user_id"] == user_id
             )
-        except BadSignature:
+        except (TypeError, BadSignature):
             return False
 
     def _get_error_response(self, request: Request) -> Response: