fix(security): fix access to public envs when bot is unmounted (#374)

botpress · Jul 28, 2022 · 7a6ff2e · 7a6ff2e
1 parent 7d69cae
commit 7a6ff2e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/packages/studio-be/src/core/security/router-security.ts b/packages/studio-be/src/core/security/router-security.ts
@@ -156,7 +156,7 @@ export const checkBotVisibility =
     // '___' is a non-valid botId, but here acts as for "all bots"
     // This is used in modules when they setup routes that work on a global level (they are not tied to a specific bot)
     // Check the 'sso-login' module for an example
-    if (req.params.botId === '___' || req.originalUrl.endsWith('env')) {
+    if (req.params.botId === '___' || req.originalUrl.endsWith('env') || req.originalUrl.endsWith('env.js')) {
       return next()
     }