diff --git a/src/main/kotlin/com/android/trisolarisserver/security/FirebaseAuthFilter.kt b/src/main/kotlin/com/android/trisolarisserver/security/FirebaseAuthFilter.kt index 5cfa455..dc51a9f 100644 --- a/src/main/kotlin/com/android/trisolarisserver/security/FirebaseAuthFilter.kt +++ b/src/main/kotlin/com/android/trisolarisserver/security/FirebaseAuthFilter.kt @@ -26,7 +26,7 @@ class FirebaseAuthFilter( return true } return path.matches(Regex("^/properties/[^/]+/rooms/[^/]+/images/[^/]+/file$")) - || path.matches(Regex("^/properties/[^/]+/rooms/[^/]+/images$")) + || (path.matches(Regex("^/properties/[^/]+/rooms/[^/]+/images$")) && request.method.equals("GET", true)) || (path.matches(Regex("^/properties/[^/]+/room-types$")) && request.method.equals("GET", true)) || path.matches(Regex("^/properties/[^/]+/room-types/[^/]+/images$")) || (path == "/image-tags" && request.method.equals("GET", true)) diff --git a/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt b/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt index 2d7e87a..02aa11d 100644 --- a/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt +++ b/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt @@ -27,7 +27,7 @@ class SecurityConfig( .authorizeHttpRequests { it.requestMatchers("/", "/health", "/auth/**").permitAll() it.requestMatchers("/properties/*/rooms/*/images/*/file").permitAll() - it.requestMatchers("/properties/*/rooms/*/images").permitAll() + it.requestMatchers(org.springframework.http.HttpMethod.GET, "/properties/*/rooms/*/images").permitAll() it.requestMatchers(org.springframework.http.HttpMethod.GET, "/properties/*/room-types").permitAll() it.requestMatchers("/properties/*/room-types/*/images").permitAll() it.requestMatchers(org.springframework.http.HttpMethod.GET, "/image-tags").permitAll()