diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 51e0dc48f9..85d77b6fff 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -187,6 +187,7 @@ class Kernel extends HttpKernel
 ],
 // do only bindings, no auth
 'api_basic' => [
+ AcceptHeaders::class,
 'bindings',
 ],
 ];
diff --git a/app/Http/Middleware/AcceptHeaders.php b/app/Http/Middleware/AcceptHeaders.php
index c7de9c452b..7905d004b6 100644
--- a/app/Http/Middleware/AcceptHeaders.php
+++ b/app/Http/Middleware/AcceptHeaders.php
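Review bot: The `// do only bindings, no auth` comment two lines above the added `AcceptHeaders::class` is now inaccurate, since the group also rejects requests on their Accept and Content-Type headers; change it to `// header validation and bindings only, no auth`. Because this group appears to carry no authentication, the middleware's error path is reachable by any client before any auth check, so it is worth confirming that BadHttpHeaderException renders as a fixed 406/415 response rather than echoing the raw header value back (the Accept message in the second hunk formats `$request->header('Accept')` into the text). The hunk does not show a `use App\Http\Middleware\AcceptHeaders;` import in Kernel.php; if the short name is not already resolved elsewhere in the file, this line will fail at runtime.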
@@ -44,14 +44,23 @@ class AcceptHeaders
 */
 public function handle($request, $next): mixed
 {
- $method = $request->getMethod();
+ $method = $request->getMethod();
+ $accepts = ['application/x-www-form-urlencoded', 'application/json', 'application/vnd.api+json', '*/*'];
+ $contentTypes = ['application/x-www-form-urlencoded', 'application/json', 'application/vnd.api+json'];
+ $submitted = (string)$request->header('Content-Type');
- if ('GET' === $method && !$request->accepts(['application/json', 'application/vnd.api+json'])) {
- throw new BadHttpHeaderException('Your request must accept either application/json or application/vnd.api+json');
+
+ // if bad Accept header, send error.
+ if (!$request->accepts($accepts)) {
+ throw new BadHttpHeaderException(sprintf('Accept header "%s" is not something this server can provide.', $request->header('Accept')));
 }
- $allowed = ['application/x-www-form-urlencoded', 'application/json',''];
- $submitted = (string)$request->header('Content-Type');
- if (('POST' === $method || 'PUT' === $method) && !in_array($submitted, $allowed, true)) {
+ // if bad 'Content-Type' header, refuse service.
+ if (('POST' === $method || 'PUT' === $method) && !$request->hasHeader('Content-Type')) {
+ $error = new BadHttpHeaderException('Content-Type header cannot be empty');
+ $error->statusCode = 415;
+ throw $error;
+ }
+ if (('POST' === $method || 'PUT' === $method) && !in_array($submitted, $contentTypes, true)) {
 $error = new BadHttpHeaderException(sprintf('Content-Type cannot be "%s"', $submitted));
 $error->statusCode = 415;
 throw $error;