---
description: Never remove /success or other Stripe/auth bypass routes from Authelia
alwaysApply: true
---

# Authelia bypass routes must not be reverted

**Recurring issue:** After Stripe checkout, users are sent to `https://bc.a250.ca/success?session_id=...`. If `/success` is **not** in Authelia's **bypass** list, they get sent to login instead of the success page and provisioning breaks.

**Do not:**

- Remove `/success` from the bypass `resources` in `stack.yml` (the Authelia command that writes `configuration.acl.yml`).
- Remove or merge the bypass block that contains: `^/$$`, `^/subscribe/?$$`, `^/success(/|\\?.*)?$$`, `^/webhook/stripe/?$$`, `^/resend-reset/?$$`, `^/health/?$$`, `^/version/?$$`, `^/admin/delete-user/?$$`.
- Change the regex for success to something that no longer matches `/success?session_id=...`.

**Required bypass resources for bc.a250.ca (second bypass block):** `/`, `/subscribe`, `/success` (with optional query), `/webhook/stripe`, `/resend-reset`, `/health`, `/version`, `/admin/delete-user`.

**If editing `stack.yml` Authelia section:** keep the entire bypass block and all of these resources; only add new paths when the user explicitly asks.
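
A regression check for this rule, added here as an example and not part of the project's own code: it takes the bypass patterns as they appear in `stack.yml`, undoes the escaping, and confirms that every required path (including `/success?session_id=...`) still matches while nearby protected paths do not. It assumes that `$$` is Compose's escape for a literal `$`, that `\\` collapses to `\` when `configuration.acl.yml` is written, and that Authelia matches `resources` against the path plus query string; the function names, the session id value and the negative-case paths are constructed for illustration.

```python
import re

# Bypass patterns exactly as listed for stack.yml on this page.
STACK_YML_PATTERNS = [
    r"^/$$",
    r"^/subscribe/?$$",
    r"^/success(/|\\?.*)?$$",
    r"^/webhook/stripe/?$$",
    r"^/resend-reset/?$$",
    r"^/health/?$$",
    r"^/version/?$$",
    r"^/admin/delete-user/?$$",
]

# Required bypass resources from the page; the session id is a constructed placeholder.
MUST_BYPASS = [
    "/", "/subscribe", "/success", "/success?session_id=cs_test_EXAMPLE",
    "/webhook/stripe", "/resend-reset", "/health", "/version", "/admin/delete-user",
]

# Constructed paths that a too-loose regex would wrongly exempt from login.
MUST_NOT_BYPASS = ["/successful", "/success-admin", "/dashboard", "/admin",
                   "/webhook/stripe/extra"]

def effective(pattern):
    """Undo the assumed escaping: '$$' -> '$' and a doubled backslash -> one."""
    return pattern.replace("$$", "$").replace("\\\\", "\\")

def bypassed(path_and_query, patterns=STACK_YML_PATTERNS):
    """True if any bypass pattern matches the request path plus query string."""
    return any(re.search(effective(p), path_and_query) for p in patterns)

def check(patterns=STACK_YML_PATTERNS):
    """Return a list of problems; an empty list means the bypass block is intact."""
    problems = [f"not bypassed: {p}" for p in MUST_BYPASS if not bypassed(p, patterns)]
    problems += [f"unexpectedly bypassed: {p}" for p in MUST_NOT_BYPASS
                 if bypassed(p, patterns)]
    return problems

if __name__ == "__main__":
    issues = check()
    for line in issues:
        print(line)
    raise SystemExit(1 if issues else 0)
```

Run against the pattern list extracted from an edited `stack.yml`, a non-empty result flags both a dropped route and a regex that has been widened past the intended paths.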