Philip
d4c82867d4
/api/settings was missing from the middleware public routes allowlist, causing unauthenticated (guest) requests to be blocked before reaching the route handler. The error was silently caught, leaving settings null and hiding the amount owed, payment methods, and payment instructions. Logged-in users were unaffected as their session token passed middleware. Also update CLAUDE.md to reflect the WebSocket userId-based auth change. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
31 lines
722 B
JSON
31 lines
722 B
JSON
{
|
|
"permissions": {
|
|
"allow": [
|
|
"Bash(npm install:*)",
|
|
"Bash(npx next build:*)",
|
|
"Bash(git init:*)",
|
|
"Bash(git add:*)",
|
|
"Bash(git rm:*)",
|
|
"Bash(docker-compose up:*)",
|
|
"Bash(docker compose:*)",
|
|
"Bash(docker version:*)",
|
|
"Bash(sudo apt-get update:*)",
|
|
"Bash(chmod:*)",
|
|
"Bash(dpkg:*)",
|
|
"Bash(docker:*)",
|
|
"Bash(curl:*)",
|
|
"Bash(ss:*)",
|
|
"Bash(echo:*)",
|
|
"Bash(iptables:*)",
|
|
"Bash(npx tsc:*)",
|
|
"Bash(npx prisma generate:*)",
|
|
"Bash(timeout 3 node:*)",
|
|
"Bash(git commit:*)",
|
|
"Bash(git config:*)",
|
|
"Bash(git remote add:*)",
|
|
"Bash(git push:*)",
|
|
"Bash(git remote set-url:*)"
|
|
]
|
|
}
|
|
}
|