diff --git a/internal/web/server/middlewares.go b/internal/web/server/middlewares.go
index 8f79b02..ab26eca 100644
--- a/internal/web/server/middlewares.go
+++ b/internal/web/server/middlewares.go
@@ -72,7 +72,7 @@ func (s *Server) registerMiddlewares() {
 /* skip CSRF for git clients */
 matchUploadPack, _ := regexp.MatchString("(.*?)/git-upload-pack$", ctx.Request().URL.Path)
 matchReceivePack, _ := regexp.MatchString("(.*?)/git-receive-pack$", ctx.Request().URL.Path)
- return filepath.Ext(gistName) == ".js" || matchUploadPack || matchReceivePack
+ return (filepath.Ext(gistName) == ".js" && ctx.Request().Method == "GET") || matchUploadPack || matchReceivePack
 },
 ErrorHandler: func(err error, c echo.Context) error {
 log.Info().Err(err).Msg("CSRF error")
@@ -320,7 +320,6 @@ func csrfInit(next Handler) Handler {
 csrf = csrfToken
 }
 ctx.SetData("csrfHtml", template.HTML(``))
- ctx.SetData("csrfHtml", template.HTML(``))
 return next(ctx)
 }
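Review bot: The two git-pack exemptions on the new `return` line still skip CSRF for every method based only on a URL path suffix, while the `.js` exemption beside them is now limited to GET; whether any cookie-authenticated, state-changing route can end in `/git-upload-pack` or `/git-receive-pack` is not visible in this hunk and should be confirmed. For the new condition, prefer the standard constant over the string literal, `ctx.Request().Method == http.MethodGet`, assuming `net/http` is already imported in this file. The existing comment only mentions git clients, so a line such as `// only GET requests for the .js view may skip CSRF; state-changing methods must carry a token` above the return would record why the method check exists and guard against a later simplification. The enclosing closure starts and ends outside the hunk, so where `gistName` comes from could not be checked here.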