diff --git a/modules/auth/handlers/handlers.go b/modules/auth/handlers/handlers.go
index 03df151..ac55abe 100644
--- a/modules/auth/handlers/handlers.go
+++ b/modules/auth/handlers/handlers.go
@@ -135,7 +135,7 @@ func (s Server) PostSignIn(ctx context.Context, req auth.PostSignInRequestObject
 	ginCtx.SetSameSite(http.SameSiteStrictMode)
 	ginCtx.SetCookie("access_token", accessToken, 900, "/api", "", false, true)
 	ginCtx.SetCookie("refresh_token", refreshToken, 1209600, "/auth", "", false, true)
-	ginCtx.SetCookie("xsrf_token", csrfToken, 1209600, "/api", "", false, false)
+	ginCtx.SetCookie("xsrf_token", csrfToken, 1209600, "/", "", false, false)
 
 	result := auth.PostSignIn200JSONResponse{
 		UserId:   user.ID,
diff --git a/modules/frontend/src/components/TitleStatusControls/TitleStatusControls.tsx b/modules/frontend/src/components/TitleStatusControls/TitleStatusControls.tsx
index 0566fbf..98fa868 100644
--- a/modules/frontend/src/components/TitleStatusControls/TitleStatusControls.tsx
+++ b/modules/frontend/src/components/TitleStatusControls/TitleStatusControls.tsx
@@ -23,7 +23,6 @@ const STATUS_BUTTONS: { status: UserTitleStatus; icon: React.ReactNode; label: s
 export function TitleStatusControls({ titleId }: { titleId: number }) {
     const [cookies] = useCookies(['xsrf_token']);
     const xsrfToken = cookies['xsrf_token'] || null;
-    console.log("xsrf_token: " + xsrfToken)
 
     const [currentStatus, setCurrentStatus] = useState<UserTitleStatus | null>(null);
     const [loading, setLoading] = useState(false);
@@ -56,7 +55,9 @@ export function TitleStatusControls({ titleId }: { titleId: number }) {
                 await deleteUserTitle({path: {
                     user_id: userId,
                     title_id: titleId,
-                }})
+                },
+                headers: { "X-XSRF-TOKEN": xsrfToken },
+                })
                 setCurrentStatus(null);
                 return;
             }
@@ -73,7 +74,8 @@ export function TitleStatusControls({ titleId }: { titleId: number }) {
                     title_id: titleId,
                     status: status,
                     },
-                path: {user_id: userId}
+                path: {user_id: userId},
+                headers: { "X-XSRF-TOKEN": xsrfToken },
                 });
 
                 setCurrentStatus(added.data?.status ?? null);
diff --git a/modules/frontend/src/pages/UserPage/UserPage.tsx b/modules/frontend/src/pages/UserPage/UserPage.tsx
index d9ff5f2..1a8ba1e 100644
--- a/modules/frontend/src/pages/UserPage/UserPage.tsx
+++ b/modules/frontend/src/pages/UserPage/UserPage.tsx
@@ -96,7 +96,7 @@ export default function UserPage({ userId }: UserPageProps) {
       //   "all"
       // );
 
-      if (!result?.data?.data.length) return { items: [], nextCursor: null };
+      if (!result?.data?.data?.length) return { items: [], nextCursor: null };
 
       return { items: result.data?.data, nextCursor: result.data?.cursor ?? null };
     } catch (err: any) {