diff --git a/public/script.js b/public/script.js
index fe31659dc..c512c69f6 100644
--- a/public/script.js
+++ b/public/script.js
@@ -945,7 +945,7 @@ $.ajaxPrefilter((options, originalOptions, xhr) => {
 export async function pingServer() {
     try {
         const result = await fetch('api/ping', {
-            method: 'GET',
+            method: 'POST',
             headers: getRequestHeaders(),
         });
 
diff --git a/public/scripts/user.js b/public/scripts/user.js
index 4af057c74..0b7fc164d 100644
--- a/public/scripts/user.js
+++ b/public/scripts/user.js
@@ -903,7 +903,7 @@ async function slugify(text) {
 async function extendUserSession() {
     try {
         const response = await fetch('/api/ping?extend=1', {
-            method: 'GET',
+            method: 'POST',
             headers: getRequestHeaders(),
         });
 
diff --git a/src/server-main.js b/src/server-main.js
index 4e5344482..153c1e94a 100644
--- a/src/server-main.js
+++ b/src/server-main.js
@@ -231,7 +231,7 @@ app.use('/api/users', usersPublicRouter);
 
 // Everything below this line requires authentication
 app.use(requireLoginMiddleware);
-app.get('/api/ping', (request, response) => {
+app.use('/api/ping', (request, response) => {
     if (request.query.extend && request.session) {
         request.session.touch = Date.now();
     }