cameleer/cameleer-saas
2
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: permit SPA routes /vendor/** and /tenant/** for direct navigation
All checks were successful
CI / build (push) Successful in 49s
Details
CI / docker (push) Successful in 32s
Details

Browse Source 
Without this, hard refresh on SPA routes returns 401 because Spring
Security intercepts before SpaController can forward to index.html.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-10 13:15:08 +02:00
parent 8b94937d38
commit a1acc0bc62
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/main/java/net/siegeln/cameleer/saas/config/SecurityConfig.java
View File

@@ -44,6 +44,7 @@ public class SecurityConfig {
.requestMatchers("/actuator/health").permitAll() .requestMatchers("/actuator/health").permitAll()
.requestMatchers("/api/config").permitAll() .requestMatchers("/api/config").permitAll()
.requestMatchers("/", "/index.html", "/login", "/callback", .requestMatchers("/", "/index.html", "/login", "/callback",
"/vendor/**", "/tenant/**",
"/environments/**", "/license", "/admin/**").permitAll() "/environments/**", "/license", "/admin/**").permitAll()
.requestMatchers("/_app/**", "/favicon.ico", "/favicon.svg", "/logo.svg", "/logo-dark.svg").permitAll() .requestMatchers("/_app/**", "/favicon.ico", "/favicon.svg", "/logo.svg", "/logo-dark.svg").permitAll()
.requestMatchers("/api/vendor/**").hasAuthority("SCOPE_platform:admin") .requestMatchers("/api/vendor/**").hasAuthority("SCOPE_platform:admin")