diff --git a/src/middleware/activitypub.js b/src/middleware/activitypub.js
index 30b40e1c7d..f9b8dcd009 100644
--- a/src/middleware/activitypub.js
+++ b/src/middleware/activitypub.js
@@ -107,12 +107,13 @@ middleware.assertPayload = async function (req, res, next) {
 // Cross-check key ownership against received actor
 await activitypub.actors.assert(actor);
- const compare = (await db.getObjectField(`userRemote:${actor}:keys`, 'id')).replace(/#[\w-]+$/, '');
+ const compare = ((await db.getObjectField(`userRemote:${actor}:keys`, 'id')) || '').replace(/#[\w-]+$/, '');
 const { signature } = req.headers;
- const keyId = new Map(signature.split(',').filter(Boolean).map((v) => {
+ let keyId = new Map(signature.split(',').filter(Boolean).map((v) => {
 const index = v.indexOf('=');
 return [v.substring(0, index), v.slice(index + 1)];
- })).get('keyId').slice(1, -1).replace(/#[\w-]+$/, '');
+ })).get('keyId');
+ keyId = (keyId || '').slice(1, -1).replace(/#[\w-]+$/, '');
 if (compare !== keyId) {
 activitypub.helpers.log('[middleware/activitypub] Key ownership cross-check failed.');
 return res.sendStatus(403);
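Review bot: The two `|| ''` fallbacks make the ownership check fail open when both values are missing. If no key id is stored for the actor and the Signature header has no usable `keyId`, `compare` and `keyId` are both `''`, so `compare !== keyId` is false and the request passes the cross-check. Before this change the same inputs threw instead of passing. An empty value should be a rejection, for example `if (!compare || !keyId || compare !== keyId) {`. Separately, `signature.split(',')` still throws if the header is absent, unless code earlier in `assertPayload` (outside this hunk) already guarantees a Signature header.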