2026-03-19 12:07:20 +01:00
1 changed files with 2 additions and 0 deletions
--- a/backend/src/main/java/org/raddatz/familienarchiv/config/SecurityConfig.java
+++ b/backend/src/main/java/org/raddatz/familienarchiv/config/SecurityConfig.java
@@ -46,6 +46,8 @@ public class SecurityConfig {
                .csrf(csrf -> csrf.disable())

                .authorizeHttpRequests(auth -> {
+                    // Health endpoint must be open so CI/Docker health checks work without credentials
+                    auth.requestMatchers("/actuator/health").permitAll();
                    // In dev, allow unauthenticated access to the OpenAPI spec and Swagger UI
                    if (environment.matchesProfiles("dev")) {
                        auth.requestMatchers(