diff --git a/guestbook-ng.pl b/guestbook-ng.pl
index f2df915..5e6614c 100755
--- a/guestbook-ng.pl
+++ b/guestbook-ng.pl
@@ -64,7 +64,7 @@ get '/' => sub ($c) { $c->redirect_to(page => {page => 'view'}) };
 any [qw{GET POST}], '/sign' => sub ($c) {
     my $v = $c->validation() if $c->req->method eq 'POST';
 
-    if ($c->req->method eq 'POST' && $v->has_data) {
+    if ($v && $v->has_data) {
         my $name    = $c->param('name') || 'Anonymous';
         my $url     = $c->param('url');
         my $message = $c->param('message');
@@ -78,7 +78,10 @@ any [qw{GET POST}], '/sign' => sub ($c) {
         $v->optional('url', 'not_empty')->size(1, 255)
             ->like(qr/$RE{URI}{HTTP}{-scheme => qr<https?>}/);
 
-        unless ($v->has_error) {
+        if ($v->has_error) {
+            $c->stash(status => 400)
+        }
+        else {
             $c->message->create_post($name, $message, $url, $spam);
 
             $c->flash(error => 'This message was flagged as spam') if $spam;
@@ -86,6 +89,10 @@ any [qw{GET POST}], '/sign' => sub ($c) {
             return $c->redirect_to(page => {page => 'view'});
         }
     }
+    # Throw a 400 for POST with null body too
+    elsif ($v) {
+        $c->stash(status => 400)
+    }
 
     # Try to randomize things for the CAPTCHA challenge. The
     # string 'false' actually evaluates to true so this is an
diff --git a/t/sign.t b/t/sign.t
index 6f90c21..2f11721 100644
--- a/t/sign.t
+++ b/t/sign.t
@@ -26,18 +26,23 @@ my %valid_form   = (
     message => 'Ayy... lmao',
     answer  => 'false'
     );
+# Null POST body
+my %null_form;
 
 $t->ua->max_redirects(1);
 
 # Valid requests
 $t->get_ok('/sign')->status_is(200)->text_is(h2 => 'Sign the Guestbook');
-$t->post_ok('/sign', form => \%valid_form)->status_is(200);
+$t->post_ok('/sign', form => \%valid_form)->status_is(200)
+    ->text_is(h2 => 'Messages from the World Wide Web');
 
 # Invalid input
-$t->post_ok('/sign', form => \%invalid_form)->status_is(200)
+$t->post_ok('/sign', form => \%invalid_form)->status_is(400)
     ->content_like(qr/cannot be blank/);
-$t->post_ok('/sign', form => \%invalid_form)->status_is(200)
+$t->post_ok('/sign', form => \%invalid_form)->status_is(400)
     ->content_like(qr/URL does not appear to be/);
+$t->post_ok('/sign', form => \%null_form)->status_is(400)
+    ->text_is(h2 => 'Sign the Guestbook');
 
 # Spam test
 $t->post_ok('/sign', form => \%spam_form)->status_is(403)