diff --git a/.changeset/twenty-parrots-invent.md b/.changeset/twenty-parrots-invent.md
new file mode 100644
index 000000000000..63830ce2ff12
--- /dev/null
+++ b/.changeset/twenty-parrots-invent.md
@@ -0,0 +1,5 @@
+---
+'@sveltejs/kit': patch
+---
+
+fix: false positive `csrf` error in remote functions
diff --git a/packages/kit/src/runtime/server/respond.js b/packages/kit/src/runtime/server/respond.js
index fe2ed1c6f86a..c8877fc4869b 100644
--- a/packages/kit/src/runtime/server/respond.js
+++ b/packages/kit/src/runtime/server/respond.js
@@ -77,7 +77,7 @@ export async function internal_respond(request, options, manifest, state) {
 const request_origin = request.headers.get('origin');
 if (remote_id) {
-if (request.method !== 'GET' && request_origin !== url.origin) {
+if (options.csrf_check_origin && request.method !== 'GET' && request_origin !== url.origin) {
 const message = 'Cross-site remote requests are forbidden';
 return json({ message }, { status: 403 });
 }
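Review bot: The new guard skips the cross-site check entirely when `options.csrf_check_origin` is false, and nothing at this spot says where that flag comes from or that the fall-through is intentional; a one-line comment would help the next reader, e.g. `// honour the csrf_check_origin option (presumably csrf.checkOrigin): when it is disabled, cross-site non-GET calls to remote functions are deliberately allowed through`. It is also worth stating in that comment that a non-GET request carrying no `Origin` header (`request_origin` is `null`) is still rejected by the `!==` comparison, which is pre-existing behaviour and not a bug introduced here. `internal_respond` begins before this hunk and continues after it, and `remote_id` and `url` are set outside the visible lines, so whether the form-action CSRF path honours the same flag cannot be confirmed from the hunk.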