From 00bff3bcf7490eec9c76e18c4be7c1b0c9335976 Mon Sep 17 00:00:00 2001
From: Timo Knuth <knuth.timo@gmail.com>
Date: Wed, 29 Apr 2026 23:52:19 +0200
Subject: [PATCH] GSC

---
 innungsapp/apps/admin/middleware.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/innungsapp/apps/admin/middleware.ts b/innungsapp/apps/admin/middleware.ts
index 487e990..421daf2 100644
--- a/innungsapp/apps/admin/middleware.ts
+++ b/innungsapp/apps/admin/middleware.ts
@@ -79,7 +79,7 @@ export function middleware(request: NextRequest) {
     // because they are shared across the entire app
     const isSharedPath = TENANT_SHARED_PATHS.some((p) => pathname.startsWith(p)) ||
                          pathname.startsWith('/_next') ||
-                         /\.(png|jpg|jpeg|gif|svg|webp|ico|txt|xml)$/i.test(pathname)
+                         /\.(png|jpg|jpeg|gif|svg|webp|ico|txt|xml|html)$/i.test(pathname)
 
     if (!isSharedPath && !pathname.startsWith(`/${slug}`)) {
       const rewriteUrl = request.nextUrl.clone()
@@ -96,7 +96,7 @@ export function middleware(request: NextRequest) {
       // Check if it's a known non-reserved path but could be an organization slug
       // We don't want to redirect /login, /api, etc.
       const SHARED_PATHS = ['login', 'api', 'superadmin', 'dashboard', 'registrierung', 'impressum', 'datenschutz', '_next', 'uploads', 'favicon.ico', 'passwort-aendern']
-      const isStaticAsset = /\.(png|jpg|jpeg|gif|svg|webp|ico|txt|xml)$/i.test(potentialSlug)
+      const isStaticAsset = /\.(png|jpg|jpeg|gif|svg|webp|ico|txt|xml|html)$/i.test(potentialSlug)
       const isValidSlug = /^[a-z0-9][a-z0-9-]*$/.test(potentialSlug)
       if (potentialSlug && !SHARED_PATHS.includes(potentialSlug) && !isStaticAsset && isValidSlug) {
         // This looks like a tenant path being accessed from the root domain.