Sabo/webui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): redirect to /login when auth is enabled and accessing root

Browse Source 
'/' and '/index.html' were in PUBLIC_PATHS, so setting a password
and refreshing the root URL would show the app blank (JS loaded
but all API calls returned 401) instead of redirecting to /login.

Root and index.html must be protected paths so the browser gets a
302 -> /login when auth is active and no valid session cookie exists.
This commit is contained in:
Nathan Esquenazi
2026-04-03 13:11:07 +00:00
parent 3c95502979
commit d88419ccfb
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
api/auth.py
View File

@@ -14,7 +14,7 @@ from api.config import STATE_DIR, load_settings
# ── Public paths (no auth required) ─────────────────────────────────────────
PUBLIC_PATHS = frozenset({
'/', '/index.html', '/login', '/health', '/favicon.ico',
'/login', '/health', '/favicon.ico',
'/api/auth/login', '/api/auth/status',
})