diff --git a/islands/setup.tsx b/islands/setup.tsx
index db5c78ef..8f5c7240 100644
--- a/islands/setup.tsx
+++ b/islands/setup.tsx
@@ -26,7 +26,7 @@ function setup() {
               ReqFormData.append("nickName", nickName);
               ReqFormData.append("age", age);
               ReqFormData.append("icon", icon);
-              const csrftokenReq = await fetch("/api/v2/client/sessions/csrf", {
+              const csrftokenReq = await fetch("/api/v2/client/csrftoken", {
                 method: "GET",
               });
               const csrftoken = await csrftokenReq.json();
diff --git a/routes/api/v2/client/csrftoken.ts b/routes/api/v2/client/csrftoken.ts
index 66fc0592..0ac85fd5 100644
--- a/routes/api/v2/client/csrftoken.ts
+++ b/routes/api/v2/client/csrftoken.ts
@@ -5,8 +5,11 @@ import csrfToken from "../../../../models/csrftoken.ts";
 import { getCookies } from "$std/http/cookie.ts";
 export const handler = {
   async GET(req: Request, ctx: any) {
-    if (!ctx.state.data.loggedIn) {
-      return ctx.json({ status: false, message: "You are not logged in" });
+    if (!ctx.state.data.loggedIn && ctx.state.data.isSetUp === false) {
+      return new Response(
+        JSON.stringify({ status: false, message: "You are not logged in" }),
+        { status: 401, headers: { "Content-Type": "application/json" } },
+      );
     }
     const array = new Uint8Array(64);
     crypto.getRandomValues(array);