fix(pitch-deck): serve /screenshots/* past the auth middleware
Some checks failed
Build pitch-deck / build-push-deploy (push) Has been cancelled
CI / go-lint (push) Has been cancelled
CI / python-lint (push) Has been cancelled
CI / nodejs-lint (push) Has been cancelled
CI / test-go-consent (push) Has been cancelled
CI / test-python-voice (push) Has been cancelled
CI / test-bqas (push) Has been cancelled
The SDK Live Demo slide renders screenshots via next/image from /public/screenshots/*.png. Because /screenshots was not on the PUBLIC_PATHS list, every request was 307-redirected to /auth, and the next/image optimizer responded with HTTP 400 "The requested resource isn't a valid image." leaving the slide with empty dark frames (surfaced in the pitch preview).

next/image also bypasses middleware itself (see the matcher), but the server-side fetch it performs for the source URL does hit middleware and carries no investor cookie, so whitelisting the path is required even for authenticated viewers.

These PNGs are public marketing assets — there's no reason to gate them.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -12,6 +12,7 @@ const PUBLIC_PATHS = [
|
||||
'/manifest.json',
|
||||
'/sw.js',
|
||||
'/icons',
|
||||
'/screenshots', // SDK demo screenshots: public marketing assets. Must bypass auth because the next/image optimizer fetches them server-side without investor cookies.
|
||||
'/favicon.ico',
|
||||
]
|
||||
|
||||
|
||||
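Review bot: the new '/screenshots' entry in PUBLIC_PATHS exempts the whole path from auth, and this hunk does not show how the list entries are matched. If the middleware compares by prefix, check that it matches on a path-segment boundary (exactly '/screenshots' or anything under '/screenshots/') so that a sibling route sharing the prefix, for example a hypothetical '/screenshots-internal', is not opened as well. Everything placed in that directory is now served without authentication, so a short note beside the directory or the list entry saying that only public marketing images belong there would help later contributors. The trailing comment is long for an inline comment; moving it onto its own line above the entry would keep the list readable.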