Changed getTokenFromRequest method to handle null value and prevent type error

src/Guards/TokenGuard.php

@@ -8,6 +8,7 @@
 use Illuminate\Auth\GuardHelpers;
 use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Contracts\Auth\Guard;
+use Illuminate\Contracts\Encryption\DecryptException;
 use Illuminate\Contracts\Encryption\Encrypter;
 use Illuminate\Cookie\CookieValuePrefix;
 use Illuminate\Cookie\Middleware\EncryptCookies;
@@ -256,20 +257,26 @@ protected function decodeJwtTokenCookie(): array
      */
     protected function validCsrf(array $token): bool
     {
-        return isset($token['csrf']) && hash_equals(
-            $token['csrf'], $this->getTokenFromRequest()
-        );
+        $requestToken = $this->getTokenFromRequest();
+
+        return isset($token['csrf']) &&
+               is_string($requestToken) &&
+               hash_equals($token['csrf'], $requestToken);
     }
 
     /**
      * Get the CSRF token from the request.
      */
-    protected function getTokenFromRequest(): string
+    protected function getTokenFromRequest(): ?string
     {
         $token = $this->request->header('X-CSRF-TOKEN');
 
         if (! $token && $header = $this->request->header('X-XSRF-TOKEN')) {
-            $token = CookieValuePrefix::remove($this->encrypter->decrypt($header, static::serialized()));
+            try {
+                $token = CookieValuePrefix::remove($this->encrypter->decrypt($header, static::serialized()));
+            } catch (DecryptException) {
+                $token = null;
+            }
         }
 
         return $token;