diff --git a/src/aphront/AphrontRequest.php b/src/aphront/AphrontRequest.php
--- a/src/aphront/AphrontRequest.php
+++ b/src/aphront/AphrontRequest.php
@@ -705,7 +705,7 @@
   }
 
   public function isPreviewRequest() {
-    return $this->isFormPost() && $this->getStr('__preview__');
+    return $this->getStr('__preview__');
   }
 
   /**
diff --git a/src/applications/transactions/editengine/PhabricatorEditEngine.php b/src/applications/transactions/editengine/PhabricatorEditEngine.php
--- a/src/applications/transactions/editengine/PhabricatorEditEngine.php
+++ b/src/applications/transactions/editengine/PhabricatorEditEngine.php
@@ -1893,10 +1893,11 @@
 
     $controller = $this->getController();
     $request = $controller->getRequest();
+    $is_preview = $request->isPreviewRequest();
 
     // NOTE: We handle hisec inside the transaction editor with "Sign With MFA"
     // comment actions.
-    if (!$request->isFormOrHisecPost()) {
+    if (!$request->isFormOrHisecPost() && !$is_preview) {
       return new Aphront400Response();
     }
 
@@ -1912,7 +1913,6 @@
 
     $fields = $this->buildEditFields($object);
 
-    $is_preview = $request->isPreviewRequest();
     $view_uri = $this->getEffectiveObjectViewURI($object);
 
     $template = $object->getApplicationTransactionTemplate();