From aa969fd8bdc236a6d40d9fbe968d8bdd77e3df7b Mon Sep 17 00:00:00 2001
From: Gauthier Roebroeck <gauthier.roebroeck@gmail.com>
Date: Thu, 21 Nov 2019 15:32:51 +0800
Subject: [PATCH] ignore web security for static assets

---
 .../komga/infrastructure/security/SecurityConfiguration.kt | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt
index 83d2e6096..44888199a 100644
--- a/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt
+++ b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt
@@ -36,9 +36,6 @@ class SecurityConfiguration(
           .csrf().disable()
 
         .authorizeRequests()
-          // unrestricted endpoints
-          .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
-
           // restrict all actuator endpoints to ADMIN only
           .requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ADMIN")
 
@@ -70,6 +67,10 @@ class SecurityConfiguration(
     web.ignoring()
         .antMatchers(
             "/error**",
+            "/css/**",
+            "/img/**",
+            "/js/**",
+            "/favicon.ico",
             "/",
             "/index.html")
   }