diff --git a/verify.lua b/verify.lua
index 5782393..c7169bc 100644
--- a/verify.lua
+++ b/verify.lua
@@ -2,7 +2,7 @@ core.register_fetches("verify_access", function(txn, api)
     -- env(api) check is kept for backwards compatibility
     local read_allowed = txn.f:env(api) == "1" or txn.f:env(api .. "_READ") == "1"
     -- env(POST) check is kept for backwards compatibility
-    local write_allowed = txn.f:env(api .. "_WRITE") == "1" or txn.f:env("POST") == "1"
+    local write_allowed = txn.f:env(api .. "_WRITE") == "1" or (read_allowed and txn.f:env("POST") == "1")
     local method = txn.f:method()
 
     local result = ((method == "GET" or method == "HEAD") and read_allowed)