From c7d4a0cba89eff2de7b1613de3835fc379b4af80 Mon Sep 17 00:00:00 2001
From: clawdbot <clawdbot@pop-os.localdomain>
Date: Sat, 21 Feb 2026 12:10:55 -0500
Subject: [PATCH] fix: add comic-page to auth bypass patterns

Like covers and author images, comic pages need to be
accessible without authentication for img src to work.
---
 server/Auth.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server/Auth.js b/server/Auth.js
index f63e84460..085ed14d4 100644
--- a/server/Auth.js
+++ b/server/Auth.js
@@ -18,7 +18,11 @@ const { escapeRegExp } = require('./utils')
 class Auth {
   constructor() {
     const escapedRouterBasePath = escapeRegExp(global.RouterBasePath)
-    this.ignorePatterns = [new RegExp(`^(${escapedRouterBasePath}/api)?/items/[^/]+/cover$`), new RegExp(`^(${escapedRouterBasePath}/api)?/authors/[^/]+/image$`)]
+    this.ignorePatterns = [
+      new RegExp(`^(${escapedRouterBasePath}/api)?/items/[^/]+/cover$`),
+      new RegExp(`^(${escapedRouterBasePath}/api)?/authors/[^/]+/image$`),
+      new RegExp(`^(${escapedRouterBasePath}/api)?/items/[^/]+/comic-page/[0-9]+`)
+    ]
 
     /** @type {import('express-rate-limit').RateLimitRequestHandler} */
     this.authRateLimiter = RateLimiterFactory.getAuthRateLimiter()