diff --git a/apps/emqx_management/src/emqx_mgmt_http.erl b/apps/emqx_management/src/emqx_mgmt_http.erl
index 57c54ed3f..99263fbfd 100644
--- a/apps/emqx_management/src/emqx_mgmt_http.erl
+++ b/apps/emqx_management/src/emqx_mgmt_http.erl
@@ -124,7 +124,10 @@ handle_request(_Method, _Path, Req) ->
     cowboy_req:reply(400, #{<<"content-type">> => <<"text/plain">>}, <<"Not found.">>, Req).
 
 authorize_appid(Req) ->
-    authorize_appid(cowboy_req:method(Req), cowboy_req:path(Req), Req).
+    authorize_appid(
+      iolist_to_binary(string:uppercase(cowboy_req:method(Req))),
+      iolist_to_binary(cowboy_req:path(Req)),
+      Req).
 
 authorize_appid(<<"GET">>, <<"/api/v4/emqx_prometheus">>, _Req) ->
     true;
diff --git a/lib-ce/emqx_dashboard/src/emqx_dashboard.erl b/lib-ce/emqx_dashboard/src/emqx_dashboard.erl
index 3ad0694c4..fa3f0e7df 100644
--- a/lib-ce/emqx_dashboard/src/emqx_dashboard.erl
+++ b/lib-ce/emqx_dashboard/src/emqx_dashboard.erl
@@ -107,7 +107,10 @@ http_handlers() ->
 %%--------------------------------------------------------------------
 
 is_authorized(Req) ->
-    is_authorized(cowboy_req:method(Req), cowboy_req:path(Req), Req).
+    is_authorized(
+      iolist_to_binary(string:uppercase(cowboy_req:method(Req))),
+      iolist_to_binary(cowboy_req:path(Req)),
+      Req).
 
 is_authorized(<<"GET">>, <<"/api/v4/emqx_prometheus">>, _Req) ->
     true;