From d7001804f77e87981710bf84a22cfb5e952c7d9b Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Mon, 6 Apr 2026 01:15:21 +0200
Subject: [PATCH] fix: permit branding endpoints without authentication

The login page loads the branding logo before the user is signed in.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .../java/com/cameleer3/server/app/security/SecurityConfig.java   | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityConfig.java b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityConfig.java
index 600ecf2a..434fc057 100644
--- a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityConfig.java
+++ b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityConfig.java
@@ -89,6 +89,7 @@ public class SecurityConfig {
                         // Public endpoints
                         .requestMatchers(
                                 "/api/v1/health",
+                                "/api/v1/branding/**",
                                 "/api/v1/agents/register",
                                 "/api/v1/agents/*/refresh",
                                 "/api/v1/auth/**",