You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/guides/access-controls.md
+5-1Lines changed: 5 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -79,13 +79,17 @@ The `tinyauth.users` label can be either a comma separated list of users or a re
79
79
Tinyauth also supports skipping authentication for specific paths. This can be useful if you need an API path to be accessed without needing to login to Tinyauth. You can allow a path using the `allowed` label:
80
80
81
81
```yaml
82
-
tinyauth.allowed: \/api
82
+
tinyauth.allowed: ^\/api
83
83
```
84
84
85
85
After you restart the app, Tinyauth will allow access to the `/api` endpoint regardless if the user is logged in or not.
86
86
87
87
:::info
88
88
The `tinyauth.allowed` label uses a regex string to match the URL path.
89
+
90
+
For example, `^\/api` matches any path starting with `/api`, and `^\/ping$` matches the exact path `/ping`.
91
+
92
+
Be careful with regexes such as `\/api`, because that matches any path with `/api` anywhere in the path, including `/example/api/abc`
89
93
:::
90
94
91
95
## Allowing and restricting access based on IP address or CIDRs
0 commit comments