diff --git a/lib/gollum/app.rb b/lib/gollum/app.rb
index 21700bb3..7c60c7f2 100644
--- a/lib/gollum/app.rb
+++ b/lib/gollum/app.rb
@@ -144,7 +144,11 @@ module Precious
       end
     end
-    get %r{\/edit\/custom.(js|css)} do
+    get %r{\/(edit|create)\/custom.(js|css)} do
+      forbid
+    end
+
+    post %r{\/(deleteFile|rename|edit|revert|create)\/custom.(js|css)(\/.*)?} do
       forbid
     end
@@ -216,10 +220,6 @@ module Precious
       end
     end
-    post %r{\/(deleteFile|rename|edit|revert)\/custom.(js|css)} do
-      forbid
-    end
-
     post '/deleteFile/*' do
       forbid unless @allow_editing
       wiki = wiki_new
diff --git a/test/test_app.rb b/test/test_app.rb
index d9b69fe5..84cf9ab3 100644
--- a/test/test_app.rb
+++ b/test/test_app.rb
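Review bot: Both new route patterns, on the `get` and the `post` line, leave the `.` in `custom.(js|css)` unescaped, so it matches any single character rather than the literal dot; `get %r{\/(edit|create)\/custom\.(js|css)} do` and the same `custom\.` in the post pattern say what is meant. Since these two routes are what keeps the wiki's custom JS/CSS away from the ordinary edit/create/revert handlers, it is also worth confirming that this Sinatra version anchors Regexp routes to the whole path; if it matches them as substrings, wrap the pattern in `\A` and `\z`. The guard only works because Sinatra dispatches to the first route that matches, so it depends on these declarations staying ahead of the generic handlers; a comment such as `# Keep ahead of the generic edit/create/revert handlers: the first matching route wins.` above the `get` line would record that for the next maintainer. The `post` pattern's optional `(\/.*)?` tail is presumably there for the revert form with two SHAs, which the second hunk's removed pattern did not cover.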
@@ -505,25 +505,28 @@ context "Frontend" do
     Precious::App.set(:wiki_options, { :js => nil })
   end
-  test "don't allow editing custom js or css" do
+  test "don't allow changing custom js or css" do
     Precious::App.set(:wiki_options, { :js => true, :css => true })
-    page = 'yaycustom'
-    text = 'customized!'
-
-    @wiki.write_page(page, :markdown, text,
-      { :name => 'user1', :email => 'user1' });
-
-    ['.css', '.js'].each do |ext|
-      get "/edit/custom#{ext}"
-      assert_equal last_response.status 403
-    end
-
-    ['deleteFile', 'rename', 'edit', 'revert'].each do |route|
+
+    ['create', 'edit'].each do |route|
       ['.css', '.js'].each do |ext|
-        post "/#{route}/custom#{ext}"
-        assert_equal last_response.status 403
+        get "/#{route}/custom#{ext}"
+        assert_equal 403, last_response.status, "get /#{route}/custom#{ext} -- #{last_response.inspect}"
       end
     end
+
+    ['deleteFile', 'rename', 'edit', 'create'].each do |route|
+      ['.css', '.js'].each do |ext|
+        post "/#{route}/custom#{ext}"
+        assert_equal 403, last_response.status, "post /#{route}/custom#{ext} -- #{last_response.inspect}"
+      end
+    end
+
+    ['.css', '.js'].each do |ext|
+      post "/revert/custom#{ext}/02796b1450691f90db5d6dc6a816a4980ce80d07/2f6485c2702c7c8b9b6613672337ffa7d933ddcf"
+      assert_equal 403, last_response.status, "post /revert/custom#{ext} -- #{last_response.inspect}"
+    end
+
     Precious::App.set(:wiki_options, { :js => nil })
   end
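Review bot: None of the new assertions checks that the forbid patterns are not over-broad, so a pattern that also catches ordinary page names would still pass; the `custom.(js|css)` pattern under test has an unescaped dot, so one extra case such as `post "/edit/custom-css"` followed by `refute_equal 403, last_response.status` would pin the intended scope. The two 40-hex values in the revert URL are presumably arbitrary and need not exist for the 403 to be returned, since `forbid` would run before any repository lookup; a comment like `# SHAs are placeholders: forbid fires before any lookup` would save a reader from hunting for those commits. The post loop exercises only the bare `/edit/custom.css` form, while the guarded pattern now also accepts a trailing path segment; adding `post "/edit/custom#{ext}/extra"` to the same loop would cover that branch. The enclosing `context "Frontend"` block starts outside the hunk.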