diff --git a/lib/util/http.js b/lib/util/http.js
index 867b817b..3d3ee28e 100644
--- a/lib/util/http.js
+++ b/lib/util/http.js
@@ -82,19 +82,32 @@ exports.func = function (args) {
   }
   return http(args.url, opt).then(function (res) {
     if (opt && opt.headers && opt.headers['X-CSRF-TOKEN']) {
-      if (res.statusCode === 403 && (res.statusMessage === 'XSRF Token Validation Failed' || res.statusMessage === 'Token Validation Failed')) {
-        depth++
-        if (depth >= 3) {
-          throw new Error('Tried ' + depth + ' times and could not refresh XCSRF token successfully')
+      if (res.statusCode === 403) {
+        let message
+
+        try {
+          message = typeof res.body === 'string' ? JSON.parse(res.body).message : res.body.message
+        } catch (_) {
+          // Roblox didn't send back a properly formed json object
         }
-        const token = res.headers['x-csrf-token']
-        if (token) {
-          opt.headers['X-CSRF-TOKEN'] = token
-          opt.jar = jar
-          args.depth = depth + 1
-          return exports.func(args)
-        } else {
-          throw new Error('Could not refresh X-CSRF-TOKEN')
+
+        if (message === 'XSRF Token Validation Failed' || message === 'Token Validation Failed') {
+          depth++
+
+          if (depth >= 3) {
+            throw new Error('Tried ' + depth + ' times and could not refresh XCSRF token successfully')
+          }
+
+          const token = res.headers['x-csrf-token']
+
+          if (token) {
+            opt.headers['X-CSRF-TOKEN'] = token
+            opt.jar = jar
+            args.depth = depth + 1
+            return exports.func(args)
+          } else {
+            throw new Error('Could not refresh X-CSRF-TOKEN')
+          }
         }
       } else {
         if (depth > 0) {