diff --git a/internal/webserver/jwt.go b/internal/webserver/jwt.go
index 1ebc3bea04..13e38f6ee3 100644
--- a/internal/webserver/jwt.go
+++ b/internal/webserver/jwt.go
@@ -2,7 +2,6 @@ package webserver
 
 import (
 	"errors"
-	"fmt"
 	"net/http"
 	"time"
 
@@ -48,8 +47,9 @@ func (s *WebUIServer) handleLogin(w http.ResponseWriter, r *http.Request) {
 		}
 		_, err = w.Write([]byte(token))
 
-	case "GET":
-		fmt.Fprintf(w, "only POST methods is allowed.")
+	default:
+		w.Header().Set("Allow", "POST")
+		http.Error(w, "only POST method is allowed", http.StatusMethodNotAllowed)
 		return
 	}
 }
diff --git a/internal/webserver/jwt_test.go b/internal/webserver/jwt_test.go
index 2a45c4bad5..9da9f4dea5 100644
--- a/internal/webserver/jwt_test.go
+++ b/internal/webserver/jwt_test.go
@@ -59,9 +59,7 @@ func TestHandleLogin_GET(t *testing.T) {
 	w := httptest.NewRecorder()
 	ts.handleLogin(w, r)
 	resp := w.Result()
-	assert.Equal(t, http.StatusOK, resp.StatusCode)
-	body, _ := io.ReadAll(resp.Body)
-	assert.Equal(t, "only POST methods is allowed.", string(body))
+	assert.Equal(t, http.StatusMethodNotAllowed, resp.StatusCode)
 }
 
 func TestGenerateAndValidateJWT(t *testing.T) {