fix: make GET /settings/branding public to break login loading loop

LoginPage calls /settings/branding to load branding config (logo, colors). Without @Public(), the JWT guard returns 401, which triggered the axios response interceptor to attempt a silent refresh, fail, and call window.location.href = '/login' — creating an infinite reload loop on the login page itself. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-25 00:16:41 +02:00 · 2026-03-14 11:44:50 +01:00 · 2026-03-14 11:44:50 +01:00 · 98e7f48ce2
commit 98e7f48ce2
parent ad3a580d0b
1 changed files with 2 additions and 0 deletions
--- a/packages/core-service/src/core/settings/settings.controller.ts
+++ b/packages/core-service/src/core/settings/settings.controller.ts
@ -10,6 +10,7 @@ import {
  BadRequestException,
 } from '@nestjs/common';
 import { ApiTags, ApiOperation } from '@nestjs/swagger';
+import { Public } from '../../common/decorators/public.decorator';
 import { Roles } from '../../common/decorators/roles.decorator';
 import { RolesGuard } from '../../common/guards/roles.guard';
 import { randomUUID, X509Certificate, createPrivateKey } from 'crypto';
@ -152,6 +153,7 @@ export class SettingsController {
   * Branding-Einstellungen lesen (Logo, Sidebar-Farbe, Login-Hintergrund etc.).
   */
  @Get('branding')
+  @Public()
  @ApiOperation({ summary: 'Branding-Einstellungen lesen' })
  async getBranding(): Promise<{
    logo: string | null;