[core] fix /jobs access by excluding it from global Swagger basic auth#1981
Open
akozdem wants to merge 1 commit intodevlikeapro:corefrom
Open
[core] fix /jobs access by excluding it from global Swagger basic auth#1981akozdem wants to merge 1 commit intodevlikeapro:corefrom
akozdem wants to merge 1 commit intodevlikeapro:corefrom
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
/jobsis already protected by its own auth middleware in the apps module, but it is not excluded from the global basic auth configured inSwaggerConfiguratorCore.As a result, the Jobs UI can end up behind two auth layers and return repeated 401 responses even when credentials are configured correctly.
Change
Add
/jobsand/jobs/to the global auth exclude list insrc/core/SwaggerConfiguratorCore.ts.Why
This keeps
/jobsprotected by its dedicated auth middleware while avoiding the double-auth behavior from the global Swagger basic auth layer.Validation
Confirmed in a live deployment running WAHA
2026.3.2: after excluding/jobsand/jobs/from the global Swagger basic auth layer, the Jobs UI became accessible again. I did not add a new automated test for this change, since the fix is limited to the auth exclude list and was verified in a live deployment.Related issues