diff --git a/src/Csrf.php b/src/Csrf.php
index 3c888c85d..749a4c05e 100644
--- a/src/Csrf.php
+++ b/src/Csrf.php
@@ -116,7 +116,11 @@ public function __construct($options = [])
 */
 public function isValid($value, $context = null)
 {
- $this->setValue((string) $value);
+ if (! is_string($value) ){
+ return false;
+ }
+
+ $this->setValue($value);
 $tokenId = $this->getTokenIdFromHash($value);
 $hash = $this->getValidationToken($tokenId);
diff --git a/test/CsrfTest.php b/test/CsrfTest.php
index d106f7233..4ee0908d8 100644
--- a/test/CsrfTest.php
+++ b/test/CsrfTest.php
@@ -267,6 +267,11 @@ public function testCanValidateHasheWithoutId()
 $this->assertTrue($this->validator->isValid($bareToken));
 }
+ public function testCanRejectArrayValues()
+ {
+ $this->assertFalse($this->validator->isValid([]));
+ }
+
 public function fakeValuesDataProvider()
 {
 return [
@@ -277,7 +282,7 @@ public function fakeValuesDataProvider()
 ['fakeTokenId'],
 [md5(uniqid()) . '-'],
 [md5(uniqid()) . '-' . md5(uniqid())],
- ['-' . md5(uniqid())]
+ ['-' . md5(uniqid())],
 ];
 }
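Review bot: The early return added at the top of isValid() exits before `setValue()` runs and without recording any failure reason, so when a request delivers the token as an array or another non-string, the validator keeps whatever value and messages it held from an earlier call and nothing marks the rejection for callers or logs. Consider reporting the same failure that the token-mismatch path reports before returning; that path lies below the hunk, so confirm how it records its error. The condition's spacing also differs from the surrounding style and should read `if (! is_string($value)) {`. isValid()'s body continues past the end of the hunk.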
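Review bot: testCanRejectArrayValues() exercises only an empty array, so the new is_string() guard is not pinned for the other non-string inputs that request parsing can hand to isValid(), such as a non-empty array, null, an integer or an object. A provider-driven test in the style of the existing fakeValuesDataProvider() would cover them in one place; the sample values below are constructed, and the docblock annotation assumes the file's other provider is wired the same way. If the rejection is later made to record a failure message, the same test is the natural place to assert it.

```php
    public function nonStringValuesDataProvider()
    {
        return [
            'empty array'     => [[]],
            'non-empty array' => [['token']],
            'null'            => [null],
            'integer'         => [123],
            'object'          => [new \stdClass()],
        ];
    }

    /**
     * @dataProvider nonStringValuesDataProvider
     */
    public function testCanRejectNonStringValues($value)
    {
        $this->assertFalse($this->validator->isValid($value));
    }
```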