client/webserver: avoid authMiddleware for file server

decred · Jun 16, 2023 · 3622872 · 3622872
1 parent 89e761a
commit 3622872
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/client/webserver/webserver.go b/client/webserver/webserver.go
@@ -289,7 +289,6 @@ func New(cfg *Config) (*WebServer, error) {
 	}
 	mux.Use(s.securityMiddleware)
 	mux.Use(middleware.Recoverer)
-	mux.Use(s.authMiddleware)
 
 	// HTTP profiler
 	if cfg.HttpProf {
@@ -313,6 +312,7 @@ func New(cfg *Config) (*WebServer, error) {
 
 	// Webpages
 	mux.Group(func(web chi.Router) {
+		web.Use(s.authMiddleware)
 		// The register page and settings page are always allowed.
 		// The register page performs init if needed, along with
 		// initial setup and settings is used to register more DEXs
@@ -363,6 +363,7 @@ func New(cfg *Config) (*WebServer, error) {
 
 	// api endpoints
 	mux.Route("/api", func(r chi.Router) {
+		r.Use(s.authMiddleware)
 		r.Use(middleware.AllowContentType("application/json"))
 		r.Post("/init", s.apiInit)
 		r.Get("/isinitialized", s.apiIsInitialized)