Restrict CSRF bootstrap exemption to GET

Author: ErykKul

src/main/java/edu/harvard/iq/dataverse/api/auth/AuthFilter.java

@@ -86,6 +86,9 @@ private boolean isSessionCookieRequest(ContainerRequestContext containerRequestC
      * plus the authenticated session cookie, and do not require an existing CSRF header.
      */
     private boolean isCsrfTokenBootstrapEndpoint(ContainerRequestContext containerRequestContext) {
+        if (!"GET".equalsIgnoreCase(containerRequestContext.getMethod())) {
+            return false;
+        }
         String path = containerRequestContext.getUriInfo().getPath();
         if (path == null) {
             return false;