From 4ca989a255a9b4eed06b122b9fad97304eb930d7 Mon Sep 17 00:00:00 2001
From: webzwo0i <webzwo0i@c3d2.de>
Date: Fri, 5 Mar 2021 08:48:33 +0100
Subject: [PATCH] sessions: add more endpoints that do not need a session
 (#4921)

* add more endpoints that do not need a session

* Update src/node/hooks/express/webaccess.js

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

* Update src/node/hooks/express/webaccess.js

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

Co-authored-by: John McLear <john@mclear.co.uk>
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
---
 src/node/hooks/express/webaccess.js | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js
index 51d57ae2..5ff957a5 100644
--- a/src/node/hooks/express/webaccess.js
+++ b/src/node/hooks/express/webaccess.js
@@ -10,12 +10,20 @@ const readOnlyManager = require('../../db/ReadOnlyManager');
 hooks.deprecationNotices.authFailure = 'use the authnFailure and authzFailure hooks instead';
 
 const staticPathsRE = new RegExp(`^/(?:${[
-  'api/.*',
+  'api(?:/.*)?',
   'favicon\\.ico',
+  'ep/pad/connection-diagnostic-info',
+  'javascript',
   'javascripts/.*',
+  'jserror/?',
   'locales\\.json',
+  'locales/.*',
+  'rest/.*',
   'pluginfw/.*',
+  'robots.txt',
   'static/.*',
+  'stats/?',
+  'tests/frontend(?:/.*)?'
 ].join('|')})$`);
 
 exports.normalizeAuthzLevel = (level) => {