diff --git a/src/middleware/csrf.lisp b/src/middleware/csrf.lisp
index 639369e..637e8cc 100644
--- a/src/middleware/csrf.lisp
+++ b/src/middleware/csrf.lisp
@@ -53,6 +53,9 @@
     (and csrf-token
          (let ((recieved-csrf-token
                  (cdr (assoc "_csrf_token" (request-body-parameters req) :test #'string=))))
+           ;; for multipart/form-data
+           (when (listp recieved-csrf-token)
+             (setf recieved-csrf-token (first recieved-csrf-token)))
            (string= csrf-token recieved-csrf-token)))))
 
 (defun csrf-token (session)