forked from Nixius/authelia
20 lines
1.2 KiB
Plaintext
---
description: Never remove /success or other Stripe/auth bypass routes from Authelia
alwaysApply: true
---

# Authelia bypass routes must not be reverted

**Recurring issue:** After Stripe checkout, users are sent to `https://bc.a250.ca/success?session_id=...`. If `/success` is **not** in Authelia's **bypass** list, they get sent to login instead of the success page and provisioning breaks.

**Do not:**

- Remove `/success` from the bypass `resources` in `stack.yml` (the Authelia command that writes `configuration.acl.yml`).
- Remove or merge the bypass block that contains: `^/$$`, `^/subscribe/?$$`, `^/success(/|\\?.*)?$$`, `^/webhook/stripe/?$$`, `^/resend-reset/?$$`, `^/health/?$$`, `^/version/?$$`, `^/admin/delete-user/?$$`.
- Change the regex for success to something that no longer matches `/success?session_id=...`.

**Required bypass resources for bc.a250.ca (second bypass block):**
`/`, `/subscribe`, `/success` (with optional query), `/webhook/stripe`, `/resend-reset`, `/health`, `/version`, `/admin/delete-user`.

**If editing `stack.yml` Authelia section:** keep the entire bypass block and all of these resources; only add new paths when the user explicitly asks.
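
A regression check for the bypass block, as an added example that is not part of the original rule file or the project's code. It assumes `$$` in `stack.yml` is the Compose/stack escape for a literal `$`, that `\\?` reaches Authelia as `\?`, and that Python's `re` agrees with Authelia's Go regex engine on these simple patterns; the sample requests are constructed.

```python
import re

# Bypass patterns exactly as the rule lists them (escaped form used in stack.yml).
STACK_YML_RESOURCES = [
    r"^/$$",
    r"^/subscribe/?$$",
    r"^/success(/|\\?.*)?$$",
    r"^/webhook/stripe/?$$",
    r"^/resend-reset/?$$",
    r"^/health/?$$",
    r"^/version/?$$",
    r"^/admin/delete-user/?$$",
]

# Constructed requests (path plus query); the session_id value is a placeholder.
MUST_BYPASS = [
    "/", "/subscribe", "/success", "/success/",
    "/success?session_id=cs_test_PLACEHOLDER",
    "/webhook/stripe", "/resend-reset", "/health", "/version",
    "/admin/delete-user",
]
# Constructed near-misses: the bypass block must not widen to cover these.
MUST_NOT_BYPASS = ["/successful", "/success/extra", "/admin",
                   "/admin/delete-user/1", "/subscribe/x", "/healthz"]


def unescape(pattern):
    # Assumed escaping: "$$" becomes "$", a doubled backslash becomes one.
    return pattern.replace("$$", "$").replace("\\\\", "\\")


def bypassed(request_uri, resources=STACK_YML_RESOURCES):
    # True if any bypass resource regex matches the path and query.
    return any(re.search(unescape(p), request_uri) for p in resources)


def audit(resources=STACK_YML_RESOURCES):
    # Returns (required requests that lost bypass, near-misses that gained it).
    missing = [u for u in MUST_BYPASS if not bypassed(u, resources)]
    leaked = [u for u in MUST_NOT_BYPASS if bypassed(u, resources)]
    return missing, leaked


if __name__ == "__main__":
    missing, leaked = audit()
    print("lost bypass:", missing)
    print("unexpected bypass:", leaked)
    raise SystemExit(1 if missing or leaked else 0)
```

Running it against the patterns copied from an edited `stack.yml` flags both a dropped `/success` query match and a bypass regex that has been loosened beyond the listed paths.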