Exempt AP paths from auth state check

/.well-known/, /users/, /nodeinfo/ now skip the prompt=none OAuth redirect so ActivityPub endpoints work for unauthenticated remote servers. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 20:19:25 +00:00
parent 1bb19c96ed
commit 856ba94f3b
1 changed files with 1 additions and 1 deletions
--- a/infrastructure/factory.py
+++ b/infrastructure/factory.py
@@ -159,7 +159,7 @@ def create_base_app(
        async def _check_auth_state():
            from quart import session as qs
            from urllib.parse import quote as _quote
-            if request.path.startswith("/auth/") or request.path.startswith("/static/"):
+            if request.path.startswith(("/auth/", "/static/", "/.well-known/", "/users/", "/nodeinfo/")):
                return

            uid = qs.get("uid")