diff --git a/src/main/kotlin/com/android/trisolarisserver/security/FirebaseAuthFilter.kt b/src/main/kotlin/com/android/trisolarisserver/security/FirebaseAuthFilter.kt
index 38e1013..90a61b7 100644
--- a/src/main/kotlin/com/android/trisolarisserver/security/FirebaseAuthFilter.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/security/FirebaseAuthFilter.kt
@@ -28,7 +28,7 @@ class FirebaseAuthFilter(
         return path.matches(Regex("^/properties/[^/]+/rooms/[^/]+/images/[^/]+/file$"))
             || path.matches(Regex("^/properties/[^/]+/rooms/[^/]+/images$"))
             || path.matches(Regex("^/properties/[^/]+/room-types$"))
-            || path == "/image-tags"
+            || (path == "/image-tags" && request.method.equals("GET", true))
     }
 
     override fun doFilterInternal(
diff --git a/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt b/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
index afffff0..f633671 100644
--- a/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
@@ -29,7 +29,7 @@ class SecurityConfig(
                 it.requestMatchers("/properties/*/rooms/*/images/*/file").permitAll()
                 it.requestMatchers("/properties/*/rooms/*/images").permitAll()
                 it.requestMatchers("/properties/*/room-types").permitAll()
-                it.requestMatchers("/image-tags").permitAll()
+                it.requestMatchers(org.springframework.http.HttpMethod.GET, "/image-tags").permitAll()
                 it.anyRequest().authenticated()
             }
             .exceptionHandling {