From 0a43fe95ea3fc062746c0970c922a1947906792d Mon Sep 17 00:00:00 2001 From: "matthias.lotz" Date: Sat, 8 Nov 2025 14:25:57 +0100 Subject: [PATCH] fix(nginx): Remove Basic Auth from /api/admin routes The /moderation page is already password-protected, so API routes called from that page don't need additional authentication. This fixes 'Unexpected token <' error in deletion log display. --- docker/dev/frontend/nginx.conf | 5 +---- docker/prod/frontend/nginx.conf | 5 +---- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/docker/dev/frontend/nginx.conf b/docker/dev/frontend/nginx.conf index f36c6aa..4a52652 100644 --- a/docker/dev/frontend/nginx.conf +++ b/docker/dev/frontend/nginx.conf @@ -55,11 +55,8 @@ server { proxy_set_header X-Forwarded-Proto $scheme; } - # Protected API - Admin API routes (password protected) + # Admin API routes (NO password protection - protected by /moderation page access) location /api/admin { - auth_basic "Restricted Area - Admin API"; - auth_basic_user_file /etc/nginx/.htpasswd; - proxy_pass http://backend-dev:5000/api/admin; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; diff --git a/docker/prod/frontend/nginx.conf b/docker/prod/frontend/nginx.conf index eba988c..523a6fa 100644 --- a/docker/prod/frontend/nginx.conf +++ b/docker/prod/frontend/nginx.conf @@ -89,11 +89,8 @@ http { proxy_set_header X-Forwarded-Proto $scheme; } - # Protected API - Admin API routes (password protected) + # Admin API routes (NO password protection - protected by /moderation page access) location /api/admin { - auth_basic "Restricted Area - Admin API"; - auth_basic_user_file /etc/nginx/.htpasswd; - proxy_pass http://image-uploader-backend:5000/api/admin; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr;