From 79a4386c8229352dc1f611abaaddfc3db1f82143 Mon Sep 17 00:00:00 2001
From: John Niang <johnniang@foxmail.com>
Date: Thu, 22 May 2025 11:03:59 +0800
Subject: [PATCH] Make uploads resources protected (#7456)

#### What type of PR is this?

/kind improvement
/area core
/milestone 2.21.x

#### What this PR does / why we need it:

This PR removes `/uploads/**` from static resources to make it protected by Halo security.

#### Does this PR introduce a user-facing change?

```release-note
None
```
---
 .../java/run/halo/app/infra/config/WebServerSecurityConfig.java  | 1 -
 1 file changed, 1 deletion(-)

diff --git a/application/src/main/java/run/halo/app/infra/config/WebServerSecurityConfig.java b/application/src/main/java/run/halo/app/infra/config/WebServerSecurityConfig.java
index c0c22fcd3..741e94e26 100644
--- a/application/src/main/java/run/halo/app/infra/config/WebServerSecurityConfig.java
+++ b/application/src/main/java/run/halo/app/infra/config/WebServerSecurityConfig.java
@@ -64,7 +64,6 @@ public class WebServerSecurityConfig {
             "/uc/assets/**",
             "/themes/{themeName}/assets/{*resourcePaths}",
             "/plugins/{pluginName}/assets/**",
-            "/upload/**",
             "/webjars/**",
             "/js/**",
             "/styles/**",