fix(vulnerability): avoid expose gate endpoints (spinnaker#1497) (#58)

@W-10311911 Co-authored-by: Cristhian Castaneda <ccastanedarivera@gmail.com>
apoorvmahajan · Dec 15, 2021 · 723cf5c · 723cf5c
1 parent fff6b1d
commit 723cf5c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/gate-core/src/main/groovy/com/netflix/spinnaker/gate/config/AuthConfig.groovy b/gate-core/src/main/groovy/com/netflix/spinnaker/gate/config/AuthConfig.groovy
@@ -78,7 +78,7 @@ class AuthConfig {
     http
       .requestMatcher(requestMatcherProvider.requestMatcher())
       .authorizeRequests()
-        .antMatchers('/**/favicon.ico').permitAll()
+        .antMatchers('/favicon.ico').permitAll()
         .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
         .antMatchers(PermissionRevokingLogoutSuccessHandler.LOGGED_OUT_URL).permitAll()
         .antMatchers('/auth/user').permitAll()