diff --git a/cmd/syncthing/gui_csrf.go b/cmd/syncthing/gui_csrf.go
index ee8ee39d8..b31e99935 100644
--- a/cmd/syncthing/gui_csrf.go
+++ b/cmd/syncthing/gui_csrf.go
@@ -43,6 +43,12 @@ func csrfMiddleware(prefix string, next http.Handler) http.Handler {
 return
 }

+ if r.Method == "GET" {
+ // Allow GET requests unconditionally
+ next.ServeHTTP(w, r)
+ return
+ }
+
 // Verify the CSRF token
 token := r.Header.Get("X-CSRF-Token")
 if !validCsrfToken(token) {
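Review bot: The new `if r.Method == "GET"` branch skips the `X-CSRF-Token` check for every GET route under the protected prefix, so the protection now depends on none of those handlers changing state, and nothing in the hunk enforces or records that. I would state the invariant where the exemption is made, for example `// GET is exempt: handlers under prefix must be side-effect free; anything that changes state must use another method so the token check below applies`. It is also worth confirming that the state-changing routes are registered per method, because a handler that also answers GET would now be reachable without a token. HEAD is equally safe by definition but still goes through the token check, so either exempt it too or note that the difference is intentional. The body of csrfMiddleware starts and ends outside this hunk, so how routes are bound to methods cannot be confirmed from here.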