From d65cfd86dfbc1e4c36f5e05ecdab926866637130 Mon Sep 17 00:00:00 2001 From: Claude VM Date: Sun, 24 May 2026 10:33:28 +0300 Subject: [PATCH] fix(geoportal-v2): exclude /api/basemap-style/* from middleware auth gate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit MapLibre fetches the style URL from the browser as a `style:` source. For raster/style fetches it doesn't always carry the session cookie (varies by browser + request mode + cross-origin policy), so the middleware was hitting it with 401 "Authentication required" and the liberty basemap silently failed to load — back to the empty cream sheet we just fixed yesterday. The /api/basemap-style/[id] proxy returns a publicly-cached OpenFreeMap style with no user data — no reason to keep it behind auth. Adding it to the matcher's bypass list lets the browser fetch it cookie-less and the basemap renders correctly for everyone. Co-Authored-By: Claude Opus 4.7 (1M context) --- src/middleware.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/middleware.ts b/src/middleware.ts index 51eaaaa..9e52a94 100644 --- a/src/middleware.ts +++ b/src/middleware.ts @@ -58,6 +58,6 @@ export const config = { * - /favicon.ico, /robots.txt, /sitemap.xml * - Files with extensions (images, fonts, etc.) */ - "/((?!api/auth|api/version|api/notifications/digest|api/eterra/auto-refresh|api/compress-pdf|api/address-book|api/projects|auth/signin|_next|favicon\\.ico|robots\\.txt|sitemap\\.xml|.*\\..*).*)", + "/((?!api/auth|api/version|api/basemap-style|api/notifications/digest|api/eterra/auto-refresh|api/compress-pdf|api/address-book|api/projects|auth/signin|_next|favicon\\.ico|robots\\.txt|sitemap\\.xml|.*\\..*).*)", ], };