diff --git a/lib/Controller/ExAppProxyController.php b/lib/Controller/ExAppProxyController.php
index 10c2b13c..003dca6d 100644
--- a/lib/Controller/ExAppProxyController.php
+++ b/lib/Controller/ExAppProxyController.php
@@ -223,9 +223,9 @@ private function buildMultipartFormData(array $bodyParams, array $files): array
 return $multipart;
 }
- private function passesExAppProxyRoutesChecks(ExApp $exApp, string $other): bool {
+ private function passesExAppProxyRoutesChecks(ExApp $exApp, string $exAppRoute): bool {
 foreach ($exApp->getRoutes() as $route) {
- $matchesUrlPattern = preg_match('/' . $route['url'] . '/i', $other) === 1;
+ $matchesUrlPattern = preg_match('/' . $route['url'] . '/i', $exAppRoute) === 1;
 $matchesVerb = str_contains(strtolower($route['verb']), strtolower($this->request->getMethod()));
 if ($matchesUrlPattern && $matchesVerb) {
 return $this->passesExAppProxyRouteAccessLevelCheck($route['access_level']);
@@ -236,9 +236,9 @@ private function passesExAppProxyRoutesChecks(ExApp $exApp, string $other): bool
 private function passesExAppProxyRouteAccessLevelCheck(int $accessLevel): bool {
 return match ($accessLevel) {
- ExAppRouteAccessLevel::ADMIN->value => $this->userId !== null && $this->groupManager->isAdmin($this->userId),
- ExAppRouteAccessLevel::USER->value => $this->userId !== null,
 ExAppRouteAccessLevel::PUBLIC->value => true,
+ ExAppRouteAccessLevel::USER->value => $this->userId !== null,
+ ExAppRouteAccessLevel::ADMIN->value => $this->userId !== null && $this->groupManager->isAdmin($this->userId),
 default => false,
 };
 }
@@ -246,7 +246,9 @@ private function passesExAppProxyRouteAccessLevelCheck(int $accessLevel): bool {
 private function buildHeadersWithExclude(ExApp $exApp, string $exAppRoute, array $headers): array {
 $headersToExclude = [];
 foreach ($exApp->getRoutes() as $route) {
- if (preg_match($route['url'], $exAppRoute) === 1) {
+ $matchesUrlPattern = preg_match('/' . $route['url'] . '/i', $exAppRoute) === 1;
+ $matchesVerb = str_contains(strtolower($route['verb']), strtolower($this->request->getMethod()));
+ if ($matchesUrlPattern && $matchesVerb) {
 $headersToExclude = json_decode($route['headers_to_exclude'], true);
 break;
 }
diff --git a/lib/Db/ExApp.php b/lib/Db/ExApp.php
index 228148ba..576a1d46 100644
--- a/lib/Db/ExApp.php
+++ b/lib/Db/ExApp.php
@@ -163,7 +163,7 @@ public function jsonSerialize(): array {
 }
 enum ExAppRouteAccessLevel: int {
- case USER = 0;
- case ADMIN = 1;
- case PUBLIC = 2;
+ case PUBLIC = 0;
+ case USER = 1;
+ case ADMIN = 2;
 }
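Review bot: The route-selection predicate added in `buildHeadersWithExclude` is now a second copy of the one in `passesExAppProxyRoutesChecks`, and the access decision and the header stripping only agree while both loops pick the same route. Moving the loop into one private helper (called `findMatchingRoute` below as a suggested name) that returns the first matching route or null would stop the two from drifting apart again, as they had before this commit. The shared predicate still leaves two things open: `preg_match` returns false when a stored `url` does not compile between the `/` delimiters, which is silently treated as no match, and the verb test is a substring check, so comparing against the exact entries of `$route['verb']` would be tighter if that field is a delimited list (its format is not visible here). `json_decode` can also return null for malformed `headers_to_exclude`, so a `?? []` fallback is worth adding; the rest of `buildHeadersWithExclude` lies outside the hunk.

```php
// suggested helper; the name is a proposal, not existing code
private function findMatchingRoute(ExApp $exApp, string $exAppRoute): ?array {
	$method = strtolower($this->request->getMethod());
	foreach ($exApp->getRoutes() as $route) {
		$matchesUrlPattern = preg_match('/' . $route['url'] . '/i', $exAppRoute) === 1;
		if ($matchesUrlPattern && str_contains(strtolower($route['verb']), $method)) {
			return $route;
		}
	}
	return null;
}

private function buildHeadersWithExclude(ExApp $exApp, string $exAppRoute, array $headers): array {
	$route = $this->findMatchingRoute($exApp, $exAppRoute);
	$headersToExclude = $route !== null ? (json_decode($route['headers_to_exclude'], true) ?? []) : [];
	// … unchanged: rest of buildHeadersWithExclude, outside the hunk …
```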
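Review bot: Renumbering the cases of `ExAppRouteAccessLevel` in `lib/Db/ExApp.php` changes the meaning of every `access_level` integer written before this commit: a stored 0 used to mean USER and now resolves to PUBLIC, 1 moves from ADMIN to USER, and 2 from PUBLIC to ADMIN. `passesExAppProxyRouteAccessLevelCheck` matches on `->value`, so if routes are persisted with the old numbers (the enum's location suggests they are, but the storage is not visible in this diff), login-only routes would become reachable anonymously and admin routes reachable by any logged-in user until the rows are rewritten. The diff carries no migration, so either ship one in the same release that remaps 0→1, 1→2 and 2→0, or keep the existing values and reorder only the declarations. A comment on the enum such as `// Values are persisted; do not renumber without a migration` would keep this from recurring.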