diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 49e99a6..0f85b4f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,7 +15,7 @@ jobs:
           node-version: 20
       - uses: pnpm/action-setup@v3
         with:
-          version: 8
+          version: 9
       - run: pnpm install
       - run: pnpm -r lint
 
@@ -28,7 +28,7 @@ jobs:
           node-version: 20
       - uses: pnpm/action-setup@v3
         with:
-          version: 8
+          version: 9
       - run: pnpm install
       - run: pnpm -r test run -- --environment node
       - run: pnpm -r test run -- --environment edge-runtime
@@ -44,6 +44,6 @@ jobs:
           node-version: 20
       - uses: pnpm/action-setup@v3
         with:
-          version: 8
+          version: 9
       - run: pnpm install
       - run: pnpm -r build
diff --git a/shared/src/util.ts b/shared/src/util.ts
index d548edf..4665386 100644
--- a/shared/src/util.ts
+++ b/shared/src/util.ts
@@ -94,9 +94,25 @@ export async function getTokenString(request: Request, valueFn?: TokenValueFunct
   // non-form server actions
   if (contentType.startsWith('text/plain')) {
     try {
+      // handle array of arguments
       const args = JSON.parse(rawVal);
+
       if (!Array.isArray(args) || args.length === 0) return rawVal;
-      return args[0];
+
+      const args0 = args[0];
+      const typeofArgs0 = typeof args0;
+
+      if (typeofArgs0 === 'string') {
+        // treat first string argument as csrf token
+        return args0;
+      }
+
+      if (typeofArgs0 === 'object') {
+        // if first argument is an object, look for token there
+        return args0.csrf_token || '';
+      }
+
+      return args0;
     } catch (e) {
       return rawVal;
     }