diff --git a/misuzu.php b/misuzu.php
index 08ab438c..35375f2a 100644
--- a/misuzu.php
+++ b/misuzu.php
@@ -303,7 +303,7 @@ MIG;
         }
     }
 
-    csrf_init('soapsoapsoap', empty($userDisplayInfo) ? ip_remote_address() : $_COOKIE['msz_sid']);
+    csrf_init($app->getCsrfSecretKey(), empty($userDisplayInfo) ? ip_remote_address() : $_COOKIE['msz_sid']);
 
     $privateInfo = $app->getPrivateInfo();
 
diff --git a/src/Application.php b/src/Application.php
index 8caa2199..e964d3bc 100644
--- a/src/Application.php
+++ b/src/Application.php
@@ -354,6 +354,11 @@ final class Application
         return $this->getPath($this->config['Avatar']['default_path'] ?? 'public/images/no-avatar.png');
     }
 
+    public function getCsrfSecretKey(): string
+    {
+        return $this->config['CSRF']['secret_key'] ?? 'insecure';
+    }
+
     /**
      * Gets the currently active instance of Application
      * @return Application