Permit unauthenticated access to health/info/prometheus actuator endpoints (#1138)

Brutus5000 · claude · web-flow · commit 52dd19e0834c · 2026-06-14T09:20:04.000+02:00
Co-authored-by: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/src/main/java/com/faforever/api/config/security/WebSecurityConfig.java b/src/main/java/com/faforever/api/config/security/WebSecurityConfig.java
@@ -1,6 +1,7 @@
 package com.faforever.api.config.security;
 
 import com.faforever.api.security.FafAuthenticationConverter;
+import org.springframework.boot.security.autoconfigure.actuate.web.servlet.EndpointRequest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
@@ -37,6 +38,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
     });
     http.authorizeHttpRequests(authorizeConfig -> {
       authorizeConfig.requestMatchers(HttpMethod.OPTIONS).permitAll();
+      authorizeConfig.requestMatchers(EndpointRequest.to("health", "info", "prometheus")).permitAll();
       // Swagger UI
       authorizeConfig.requestMatchers(
         "/swagger-ui/**",
