diff --git a/opentech/static_src/src/javascript/main.js b/opentech/static_src/src/javascript/main.js
index 6dc0b3e5f608ea73ca1aa75e950393e754a11157..24cb650e55ade0c84814c1f24d0f945a2e4723bc 100644
--- a/opentech/static_src/src/javascript/main.js
+++ b/opentech/static_src/src/javascript/main.js
@@ -157,14 +157,17 @@
     });
 
     // Setting the CSRF token on AJAX requests.
-    var csrftoken = window.Cookies.get('csrftoken');
+    var csrftoken = false;
+    if (typeof window.Cookies !== 'undefined') {
+        csrftoken = window.Cookies.get('csrftoken');
+    }
     function csrfSafeMethod(method) {
         // these HTTP methods do not require CSRF protection
         return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
     }
     $.ajaxSetup({
         beforeSend: function (xhr, settings) {
-            if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
+            if (csrftoken && !csrfSafeMethod(settings.type) && !this.crossDomain) {
                 xhr.setRequestHeader('X-CSRFToken', csrftoken);
             }
         }