Merge pull request #134 from creative-commoners/pulls/3/envcheck-basi…

…cauth ENH Exclude dev/check route from basic-auth check on test env
silverstripe · Jan 16, 2025 · e984cbb · e984cbb
2 parents 9c5484c + bf0c98d
commit e984cbb
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/_config/security.yml b/_config/security.yml
@@ -66,11 +66,15 @@ SilverStripe\Core\Injector\Injector:
   SilverStripe\Security\BasicAuthMiddleware:
     properties:
       # Enforce basic authentication in UAT environments for all routes except for the "change password" form
+      # and the dev/check routes
       URLPatterns:
         '#^Security/lostpassword#i': false
         '#^Security/changepassword#i': false
         '#^Security/resetaccount#i': false
+        '#^dev/check$#': false
+        '#^dev/check/.+#': false
         '#.*#': ACCESS_UAT_SERVER
+
   SilverStripe\Control\Middleware\CanonicalURLMiddleware:
     properties:
       # Enforce HTTPS everywhere since basic authentication is on everywhere