From 98e7f48ce2bc088a90c9bf68a5de250ce79c4a74 Mon Sep 17 00:00:00 2001 From: Thomas Reitz Date: Sat, 14 Mar 2026 11:44:50 +0100 Subject: [PATCH] fix: make GET /settings/branding public to break login loading loop MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit LoginPage calls /settings/branding to load branding config (logo, colors). Without @Public(), the JWT guard returns 401, which triggered the axios response interceptor to attempt a silent refresh, fail, and call window.location.href = '/login' — creating an infinite reload loop on the login page itself. Co-Authored-By: Claude Sonnet 4.6 --- packages/core-service/src/core/settings/settings.controller.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/core-service/src/core/settings/settings.controller.ts b/packages/core-service/src/core/settings/settings.controller.ts index c8d802e..9fbcdd3 100644 --- a/packages/core-service/src/core/settings/settings.controller.ts +++ b/packages/core-service/src/core/settings/settings.controller.ts @@ -10,6 +10,7 @@ import { BadRequestException, } from '@nestjs/common'; import { ApiTags, ApiOperation } from '@nestjs/swagger'; +import { Public } from '../../common/decorators/public.decorator'; import { Roles } from '../../common/decorators/roles.decorator'; import { RolesGuard } from '../../common/guards/roles.guard'; import { randomUUID, X509Certificate, createPrivateKey } from 'crypto'; @@ -152,6 +153,7 @@ export class SettingsController { * Branding-Einstellungen lesen (Logo, Sidebar-Farbe, Login-Hintergrund etc.). */ @Get('branding') + @Public() @ApiOperation({ summary: 'Branding-Einstellungen lesen' }) async getBranding(): Promise<{ logo: string | null;