diff --git a/src/errors/forbidden_error.ts b/src/errors/forbidden_error.ts
new file mode 100644
index 000000000..3e62665b0
--- /dev/null
+++ b/src/errors/forbidden_error.ts
@@ -0,0 +1,12 @@
+import HttpError from "./http_error.js";
+
+class ForbiddenError extends HttpError {
+
+    constructor(message: string) {
+        super(message, 403);
+        this.name = "ForbiddenError";
+    }
+
+}
+
+export default ForbiddenError;
\ No newline at end of file
diff --git a/src/routes/error_handlers.ts b/src/routes/error_handlers.ts
index c570a9dbd..074bf0053 100644
--- a/src/routes/error_handlers.ts
+++ b/src/routes/error_handlers.ts
@@ -1,6 +1,7 @@
 import type { Application, NextFunction, Request, Response } from "express";
 import log from "../services/log.js";
 import NotFoundError from "../errors/not_found_error.js";
+import ForbiddenError from "../errors/forbidden_error.js";
 
 function register(app: Application) {
     app.use((err: any, req: Request, res: Response, next: NextFunction) => {
@@ -9,10 +10,7 @@ function register(app: Application) {
         }
 
         log.error(`Invalid CSRF token: ${req.headers["x-csrf-token"]}, secret: ${req.cookies["_csrf"]}`);
-
-        err = new Error("Invalid CSRF token");
-        err.status = 403;
-        next(err);
+        next(new ForbiddenError("Invalid CSRF token"));
     });
 
     // catch 404 and forward to error handler