chore: tighten restrictions on auth passthrough for docs urls

bento-platform · May 3, 2024 · f3e5d30 · f3e5d30
1 parent 44495d4
commit f3e5d30
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/bento_authorization_service/main.py b/bento_authorization_service/main.py
@@ -60,9 +60,10 @@ async def permissions_enforcement(request: Request, call_next) -> Response:
 
     # Allow pre-flight responses through
     # Allow docs responses through in development mode
+    req_path = request.url.path
     if request.method == "OPTIONS" or (
         config_for_setup.bento_debug
-        and (request.url.path.startswith(DOCS_URL) or request.url.path.startswith(OPENAPI_URL))
+        and (req_path == DOCS_URL or req_path.startswith(f"{DOCS_URL}/") or req_path == OPENAPI_URL)
     ):
         return await call_next(request)