diff --git a/core/lib/Drupal/Core/Access/CsrfAccessCheck.php b/core/lib/Drupal/Core/Access/CsrfAccessCheck.php
index 0cd8f3b..8bb5037 100644
--- a/core/lib/Drupal/Core/Access/CsrfAccessCheck.php
+++ b/core/lib/Drupal/Core/Access/CsrfAccessCheck.php
@@ -2,7 +2,7 @@
 /**
 * @file
- * Contains Drupal\Core\Access\CsrfAccessCheck.
+ * Contains \Drupal\Core\Access\CsrfAccessCheck.
 */
 namespace Drupal\Core\Access;
@@ -20,16 +20,17 @@ class CsrfAccessCheck implements AccessCheckInterface {
 /**
- * Implements AccessCheckInterface::applies().
+ * {@inhertidoc}
 */
 public function applies(Route $route) {
 return array_key_exists('_csrf', $route->getRequirements());
 }
 /**
- * Implements AccessCheckInterface::access().
+ * {@inheritdoc}
 */
 public function access(Route $route, Request $request) {
- return drupal_get_token($route->getRequirement('_csrf')) == $request->query->get('csrf');
+ return drupal_get_token($route->getRequirement('_csrf')) == $request->query->get('csrf') ? static::ALLOW : static::KILL;
 }
-}
\ No newline at end of file
+
+}
diff --git a/core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php b/core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php
index 75e4189..2260b02 100644
--- a/core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php
+++ b/core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php
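Review bot: The new return line in `access()` still decides ALLOW versus KILL with a loose `==` between the output of `drupal_get_token()` and the raw `csrf` query value, so the token check inherits PHP's type-juggling comparison (a non-string query value, or two numeric-looking strings, compare by value rather than byte-for-byte) and is not a constant-time comparison of a secret. Reading the value once and comparing strictly keeps the same interface: `$token = $request->query->get('csrf');` followed by `return is_string($token) && $token === drupal_get_token($route->getRequirement('_csrf')) ? static::ALLOW : static::KILL;`, and where the platform's PHP baseline provides `hash_equals()` that should replace the `===` for timing reasons. The `applies()` docblock in the same hunk spells the tag `{@inhertidoc}`, which the doc tooling will not resolve; it should read `{@inheritdoc}` as on `access()`.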
@@ -7,20 +7,24 @@ namespace Drupal\Tests\Core\Access;
+use Drupal\Core\Access\AccessCheckInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Routing\Route;
 use Drupal\Core\Access\CsrfAccessCheck;
 use Drupal\Tests\UnitTestCase;
 /**
- * Tests \Drupal\Core\Access\CsrfAccessCheck.
+ * Tests the access checker which deals with drupal_valid_token.
+ *
+ * @see \Drupal\Core\Access\CsrfAccessCheck
 */
 class CsrfAccessCheckTest extends UnitTestCase {
 public static function getInfo() {
 return array(
- 'name' => '\Drupal\Tests\Core\Access\CsrfAccessCheck',
- 'group' => 'Access'
+ 'name' => 'Tests the CSRF access checker.',
+ 'description' => 'Tests the access checker which deals with drupal_valid_token.',
+ 'group' => 'Routing',
 );
 }
@@ -60,6 +64,16 @@ public function testAccess() {
 ));
 $access_check = new CsrfAccessCheck();
 $access = $access_check->access($route, $request);
- $this->assertEquals(TRUE, $access);
+ $this->assertEquals(AccessCheckInterface::ALLOW, $access);
+
+ // Run the same request with an invalid token.
+ $route = new Route('/foo', array(), array('_csrf: ' . $token_value));
+ $request = new Request(array(
+ 'csrf' => $token_value,
+ ));
+ $access_check = new CsrfAccessCheck();
+ $access = $access_check->access($route, $request);
+ $this->assertEquals(AccessCheckInterface::KILL, $access);
 }
+
 }
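Review bot: The added "invalid token" case builds its route as `new Route('/foo', array(), array('_csrf: ' . $token_value))`, which stores the string `'_csrf: <token>'` under integer key 0 instead of under the `_csrf` requirement, so `getRequirement('_csrf')` yields null and the KILL assertion passes because the route is malformed, not because the submitted token mismatches — the request still carries the same `$token_value` as the ALLOW case. To exercise the comparison itself, keep the `_csrf` requirement shaped as in the earlier setup (which lies outside this hunk) and vary the request instead, e.g. `$request = new Request(array('csrf' => 'invalid-token'));`. `assertSame` would also pin the exact ALLOW/KILL constant rather than a loosely-equal value, and the second `new CsrfAccessCheck()` is redundant since the checker holds no state visible here. `testAccess()` begins outside this hunk.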