From 956da6df2e6632b5a985baa4fb68a3b909153028 Mon Sep 17 00:00:00 2001
From: giles <giles.bradshaw@sigyl.com>
Date: Tue, 24 Feb 2026 22:13:03 +0000
Subject: [PATCH] Skip silent auth check for /internal/ and /oembed paths

Fragment and oEmbed endpoints must be accessible without authentication.
The silent auth middleware was returning 302 redirects, causing fragment
fetches from coop apps to silently fail.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 app/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/__init__.py b/app/__init__.py
index 9728b37..4f1ce4c 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -19,7 +19,7 @@ from artdag_common.middleware.auth import get_user_from_cookie
 from .config import settings
 
 # Paths that should never trigger a silent auth check
-_SKIP_PREFIXES = ("/auth/", "/static/", "/api/", "/ipfs/", "/download/", "/inbox", "/health")
+_SKIP_PREFIXES = ("/auth/", "/static/", "/api/", "/ipfs/", "/download/", "/inbox", "/health", "/internal/", "/oembed")
 _SILENT_CHECK_COOLDOWN = 300  # 5 minutes
 _DEVICE_COOKIE = "artdag_did"
 _DEVICE_COOKIE_MAX_AGE = 30 * 24 * 3600  # 30 days