feat: permit /assets/** for unauthenticated access (email watermark)

2026-04-26 10:30:33 +02:00
parent 53f0e55e93
commit e8a726af80
1 changed files with 1 additions and 1 deletions
--- a/src/main/java/net/siegeln/cameleer/saas/config/SecurityConfig.java
+++ b/src/main/java/net/siegeln/cameleer/saas/config/SecurityConfig.java
@@ -46,7 +46,7 @@ public class SecurityConfig {
                        .requestMatchers("/", "/index.html", "/login", "/register", "/callback",
                                "/vendor/**", "/tenant/**", "/onboarding",
                                "/environments/**", "/license", "/admin/**").permitAll()
-                        .requestMatchers("/_app/**", "/favicon.ico", "/favicon.svg", "/logo.svg", "/logo-dark.svg").permitAll()
+                        .requestMatchers("/_app/**", "/assets/**", "/favicon.ico", "/favicon.svg", "/logo.svg", "/logo-dark.svg").permitAll()
                        .requestMatchers("/api/onboarding/**").authenticated()
                        .requestMatchers("/api/vendor/**").hasAuthority("SCOPE_platform:admin")
                        .requestMatchers("/api/tenant/**").authenticated()