diff --git a/system/Helpers/form_helper.php b/system/Helpers/form_helper.php
index 1e3ea4a9152a..2e5b9f7ca576 100644
--- a/system/Helpers/form_helper.php
+++ b/system/Helpers/form_helper.php
@@ -31,7 +31,7 @@ function form_open(string $action = '', $attributes = [], array $hidden = []): s
     {
         // If no action is provided then set to the current url
         if ($action === '') {
-            $action = current_url(true);
+            $action = (string) current_url(true);
         } // If an action is not a full URL then turn it into one
         elseif (! str_contains($action, '://')) {
             // If an action has {locale}
diff --git a/tests/system/Helpers/FormHelperTest.php b/tests/system/Helpers/FormHelperTest.php
index 2ee32da768fc..cfb58c338932 100644
--- a/tests/system/Helpers/FormHelperTest.php
+++ b/tests/system/Helpers/FormHelperTest.php
@@ -101,21 +101,33 @@ public function testFormOpenWithoutAction(): void
     {
         $this->setRequest();
 
-        $before = (new Filters())->globals['before'];
-        if (in_array('csrf', $before, true) || array_key_exists('csrf', $before)) {
-            $Value    = csrf_hash();
-            $Name     = csrf_token();
-            $expected = <<<EOH
-                <form action="http://example.com/index.php" name="form" id="form" method="POST" accept-charset="utf-8">
-                <input type="hidden" name="{$Name}" value="{$Value}" style="display:none;">
+        $expected = <<<'EOH'
+            <form action="http://example.com/index.php" name="form" id="form" method="POST" accept-charset="utf-8">
 
-                EOH;
-        } else {
-            $expected = <<<'EOH'
-                <form action="http://example.com/index.php" name="form" id="form" method="POST" accept-charset="utf-8">
+            EOH;
+        $attributes = [
+            'name'   => 'form',
+            'id'     => 'form',
+            'method' => 'POST',
+        ];
+        $this->assertSame($expected, form_open('', $attributes));
+    }
 
-                EOH;
-        }
+    public function testFormOpenWithoutActionWithCSRF(): void
+    {
+        $this->setRequest();
+
+        // Sets csrf filter.
+        $filters                      = config(Filters::class);
+        $filters->globals['before'][] = 'csrf';
+        service('filters')->initialize();
+
+        $Value    = csrf_hash();
+        $Name     = csrf_token();
+        $expected = <<<EOH
+            <form action="http://example.com/index.php" name="form" id="form" method="POST" accept-charset="utf-8">
+            <input type="hidden" name="{$Name}" value="{$Value}">
+            EOH;
         $attributes = [
             'name'   => 'form',
             'id'     => 'form',