From 1e94d4c2cb0d14a5948ffbc254971bc6b91e7677 Mon Sep 17 00:00:00 2001 From: webzwo0i Date: Thu, 4 Mar 2021 22:44:44 +0100 Subject: [PATCH 1/3] add more endpoints that do not need a session --- src/node/hooks/express/webaccess.js | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js index 51d57ae2e9f..0490bafdefa 100644 --- a/src/node/hooks/express/webaccess.js +++ b/src/node/hooks/express/webaccess.js @@ -10,12 +10,21 @@ const readOnlyManager = require('../../db/ReadOnlyManager'); hooks.deprecationNotices.authFailure = 'use the authnFailure and authzFailure hooks instead'; const staticPathsRE = new RegExp(`^/(?:${[ + 'api', 'api/.*', 'favicon\\.ico', + 'ep/pad/connection-diagnostic-info', + 'javascript', 'javascripts/.*', + 'jserror/?', 'locales\\.json', + 'locales/.*', + 'rest/.*', 'pluginfw/.*', + 'robots.txt', 'static/.*', + 'stats/?', + 'tests/frontend.*' ].join('|')})$`); exports.normalizeAuthzLevel = (level) => { From 4daab364c851680b4d13dcf521cdde84411cac02 Mon Sep 17 00:00:00 2001 From: John McLear Date: Thu, 4 Mar 2021 22:21:40 +0000 Subject: [PATCH 2/3] Update src/node/hooks/express/webaccess.js Co-authored-by: Richard Hansen --- src/node/hooks/express/webaccess.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js index 0490bafdefa..a8c65c6c6a2 100644 --- a/src/node/hooks/express/webaccess.js +++ b/src/node/hooks/express/webaccess.js @@ -10,8 +10,7 @@ const readOnlyManager = require('../../db/ReadOnlyManager'); hooks.deprecationNotices.authFailure = 'use the authnFailure and authzFailure hooks instead'; const staticPathsRE = new RegExp(`^/(?:${[ - 'api', - 'api/.*', + 'api(?:/.*)?', 'favicon\\.ico', 'ep/pad/connection-diagnostic-info', 'javascript', From 5249f88edc9e60ab9a9f862c3361a5be1099c3f5 Mon Sep 17 00:00:00 2001 From: John McLear Date: Thu, 4 Mar 2021 22:21:52 +0000 Subject: [PATCH 3/3] Update src/node/hooks/express/webaccess.js Co-authored-by: Richard Hansen --- src/node/hooks/express/webaccess.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js index a8c65c6c6a2..5ff957a5289 100644 --- a/src/node/hooks/express/webaccess.js +++ b/src/node/hooks/express/webaccess.js @@ -23,7 +23,7 @@ const staticPathsRE = new RegExp(`^/(?:${[ 'robots.txt', 'static/.*', 'stats/?', - 'tests/frontend.*' + 'tests/frontend(?:/.*)?' ].join('|')})$`); exports.normalizeAuthzLevel = (level) => {