diff --git a/src/middleware/csrf.js b/src/middleware/csrf.js
index 73676cac4e..e81c1ef200 100644
--- a/src/middleware/csrf.js
+++ b/src/middleware/csrf.js
@@ -6,6 +6,13 @@ const {
 generateToken,
 csrfSynchronisedProtection,
 } = csrfSync({
+ getTokenFromRequest: (req) => {
+ if (req.headers['x-csrf-token']) {
+ return req.headers['x-csrf-token'];
+ } else if (req.query) {
+ return req.query._csrf;
+ }
+ },
 size: 64,
 });
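Review bot: The `req.query._csrf` fallback in `getTokenFromRequest` accepts the CSRF token from the URL, where it can be recorded in access and proxy logs, kept in browser history and sent to other origins in the `Referer` header, so the token is exposed more widely than when it travels only in `x-csrf-token`. If the fallback is there for clients that cannot set a custom header (an inference, the hunk does not say), reading it from the request body with `return req.body?._csrf;` keeps it out of the URL, provided a body parser runs before this middleware. If the query parameter has to stay, document the reason above the branch, for example `// query fallback for <caller that cannot send headers>; token is visible in URLs and logs`, and check that request logging redacts `_csrf`. As a smaller style point, the callback returns `undefined` implicitly when neither source is present; an explicit final `return undefined;` would make the "no token" path obvious to the next reader.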