From 64a9ad1f22c5d154dba7f05406f80bf1dc2f6777 Mon Sep 17 00:00:00 2001
From: Aleksas Pielikis <ant.kampo@gmail.com>
Date: Thu, 12 Mar 2026 18:38:09 +0200
Subject: [PATCH] fix(web): allow public invite info fetches

---
 surfsense_web/lib/apis/base-api.service.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/surfsense_web/lib/apis/base-api.service.ts b/surfsense_web/lib/apis/base-api.service.ts
index 9406621f2..21e84b2b0 100644
--- a/surfsense_web/lib/apis/base-api.service.ts
+++ b/surfsense_web/lib/apis/base-api.service.ts
@@ -91,7 +91,8 @@ class BaseApiService {
 			// Validate the bearer token
 			const isNoAuthEndpoint =
 				this.noAuthEndpoints.includes(url) ||
-				this.noAuthPrefixes.some((prefix) => url.startsWith(prefix));
+				this.noAuthPrefixes.some((prefix) => url.startsWith(prefix)) ||
+				/^\/api\/v1\/invites\/[^/]+\/info$/.test(url);
 			if (!this.bearerToken && !isNoAuthEndpoint) {
 				throw new AuthenticationError("You are not authenticated. Please login again.");
 			}