diff --git a/core/src/test/java/google/registry/testing/FakeConsoleApiParams.java b/core/src/test/java/google/registry/testing/FakeConsoleApiParams.java
index 8d9f85bcd..d8cf867c8 100644
--- a/core/src/test/java/google/registry/testing/FakeConsoleApiParams.java
+++ b/core/src/test/java/google/registry/testing/FakeConsoleApiParams.java
@@ -15,12 +15,14 @@
 package google.registry.testing;
 
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 
 import com.google.appengine.api.users.UserService;
 import google.registry.request.auth.AuthResult;
 import google.registry.request.auth.UserAuthInfo;
 import google.registry.security.XsrfTokenManager;
 import google.registry.ui.server.registrar.ConsoleApiParams;
+import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import java.util.Optional;
 import org.joda.time.DateTime;
@@ -36,11 +38,15 @@ public final class FakeConsoleApiParams {
                         new com.google.appengine.api.users.User(
                             "JohnDoe@theregistrar.com", "theregistrar.com"),
                         false)));
-    return ConsoleApiParams.create(
-        mock(HttpServletRequest.class),
-        new FakeResponse(),
-        authResult,
+    HttpServletRequest request = mock(HttpServletRequest.class);
+    XsrfTokenManager xsrfTokenManager =
         new XsrfTokenManager(
-            new FakeClock(DateTime.parse("2020-02-02T01:23:45Z")), mock(UserService.class)));
+            new FakeClock(DateTime.parse("2020-02-02T01:23:45Z")), mock(UserService.class));
+    when(request.getCookies())
+        .thenReturn(
+            new Cookie[] {
+              new Cookie(XsrfTokenManager.X_CSRF_TOKEN, xsrfTokenManager.generateToken(""))
+            });
+    return ConsoleApiParams.create(request, new FakeResponse(), authResult, xsrfTokenManager);
   }
 }