diff --git a/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt
index 83d2e6096..44888199a 100644
--- a/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt
+++ b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt
@@ -36,9 +36,6 @@ class SecurityConfiguration(
           .csrf().disable()
 
         .authorizeRequests()
-          // unrestricted endpoints
-          .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
-
           // restrict all actuator endpoints to ADMIN only
           .requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ADMIN")
 
@@ -70,6 +67,10 @@ class SecurityConfiguration(
     web.ignoring()
         .antMatchers(
             "/error**",
+            "/css/**",
+            "/img/**",
+            "/js/**",
+            "/favicon.ico",
             "/",
             "/index.html")
   }