diff --git a/src/core/server/http/lifecycle_handlers.ts b/src/core/server/http/lifecycle_handlers.ts
index 3d7a565dac64fd..7ef7e863260391 100644
--- a/src/core/server/http/lifecycle_handlers.ts
+++ b/src/core/server/http/lifecycle_handlers.ts
@@ -20,6 +20,7 @@
 import { OnPostAuthHandler } from './lifecycle/on_post_auth';
 import { OnPreResponseHandler } from './lifecycle/on_pre_response';
 import { HttpConfig } from './http_config';
+import { isSafeMethod } from './router';
 import { Env } from '../config';
 import { LifecycleRegistrar } from './http_server';
 
@@ -39,11 +40,10 @@ export const createXsrfPostAuthHandler = (config: HttpConfig): OnPostAuthHandler
       return toolkit.next();
     }
 
-    const isSafeMethod = request.route.method === 'get' || request.route.method === 'head';
     const hasVersionHeader = VERSION_HEADER in request.headers;
     const hasXsrfHeader = XSRF_HEADER in request.headers;
 
-    if (!isSafeMethod && !hasVersionHeader && !hasXsrfHeader) {
+    if (!isSafeMethod(request.route.method) && !hasVersionHeader && !hasXsrfHeader) {
       return response.badRequest({ body: `Request must contain a ${XSRF_HEADER} header.` });
     }