fix: use stricter URL matching in enterprise filter

2025-12-18 20:04:17 +01:00 · 2025-12-16 09:39:31 +05:30 · 2025-12-16 09:39:31 +05:30 · cce97dbe46
commit cce97dbe46
parent 27068593d6
1 changed files with 12 additions and 4 deletions
--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/EnterpriseEndpointFilter.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/EnterpriseEndpointFilter.java
@ -28,11 +28,19 @@ public class EnterpriseEndpointFilter extends OncePerRequestFilter {
        if (!runningProOrHigher && isPrometheusEndpointRequest(request)) {
            // Allow only health checks to pass through for non-pro users
            String uri = request.getRequestURI();
+
+            // Strip the context path
+            String contextPath = request.getContextPath();
+            String trimmedUri =
+                    (contextPath != null && uri.startsWith(contextPath))
+                            ? uri.substring(contextPath.length())
+                            : uri;
+
            boolean isHealthCheck =
-                    uri.contains("/actuator/health")
-                            || uri.contains("/healthz")
-                            || uri.contains("/liveness")
-                            || uri.contains("/readiness");
+                    trimmedUri.startsWith("/actuator/health")
+                            || "/healthz".equals(trimmedUri)
+                            || "/liveness".equals(trimmedUri)
+                            || "/readiness".equals(trimmedUri);

            if (!isHealthCheck) {
                response.setStatus(HttpStatus.NOT_FOUND.value());