diff --git a/apps/api/src/app/auth/guards/reject-nested-create.guard.spec.ts b/apps/api/src/app/auth/guards/reject-nested-create.guard.spec.ts
index 393ce2fb2..28a6e4548 100644
--- a/apps/api/src/app/auth/guards/reject-nested-create.guard.spec.ts
+++ b/apps/api/src/app/auth/guards/reject-nested-create.guard.spec.ts
@@ -6,6 +6,8 @@ describe('RejectNestedCreateGuard', () => {
       data: {
         text: 'sample',
         published: true,
+        stub: null,
+        stub2: undefined,
         author: {
           create: {
             username: 'mean_human',
diff --git a/apps/api/src/app/auth/guards/reject-nested-create.guard.ts b/apps/api/src/app/auth/guards/reject-nested-create.guard.ts
index e67e4b68b..efbe515f4 100644
--- a/apps/api/src/app/auth/guards/reject-nested-create.guard.ts
+++ b/apps/api/src/app/auth/guards/reject-nested-create.guard.ts
@@ -2,13 +2,15 @@ import { ExecutionContext, HttpException, Injectable, Logger } from '@nestjs/com
 import { GqlExecutionContext } from '@nestjs/graphql';
 
 export function containsNestedCreate(args: any) {
-  for (const [key, value] of Object.entries(args)) {
-    if (key === 'create') {
-      return true;
-    }
+  if (args !== null && args !== undefined) {
+    for (const [key, value] of Object.entries(args)) {
+      if (key === 'create') {
+        return true;
+      }
 
-    if (typeof value === 'object' && containsNestedCreate(value) === true) {
-      return true;
+      if (typeof value === 'object' && containsNestedCreate(value) === true) {
+        return true;
+      }
     }
   }
 
@@ -20,7 +22,7 @@ export function containsNestedCreate(args: any) {
  * Rejects mutations with nested create argument
  */
 export class RejectNestedCreateGuard {
-  static async canActivate(context: ExecutionContext) {
+  async canActivate(context: ExecutionContext) {
     const ctx = GqlExecutionContext.create(context);
 
     if (ctx.getInfo()?.operation?.operation === 'mutation') {