GSC

innungsapp/apps/admin/middleware.ts

@@ -79,7 +79,7 @@ export function middleware(request: NextRequest) {
     // because they are shared across the entire app
     const isSharedPath = TENANT_SHARED_PATHS.some((p) => pathname.startsWith(p)) ||
                          pathname.startsWith('/_next') ||
-                         /\.(png|jpg|jpeg|gif|svg|webp|ico|txt|xml)$/i.test(pathname)
+                         /\.(png|jpg|jpeg|gif|svg|webp|ico|txt|xml|html)$/i.test(pathname)
 
     if (!isSharedPath && !pathname.startsWith(`/${slug}`)) {
       const rewriteUrl = request.nextUrl.clone()
@@ -96,7 +96,7 @@ export function middleware(request: NextRequest) {
       // Check if it's a known non-reserved path but could be an organization slug
       // We don't want to redirect /login, /api, etc.
       const SHARED_PATHS = ['login', 'api', 'superadmin', 'dashboard', 'registrierung', 'impressum', 'datenschutz', '_next', 'uploads', 'favicon.ico', 'passwort-aendern']
-      const isStaticAsset = /\.(png|jpg|jpeg|gif|svg|webp|ico|txt|xml)$/i.test(potentialSlug)
+      const isStaticAsset = /\.(png|jpg|jpeg|gif|svg|webp|ico|txt|xml|html)$/i.test(potentialSlug)
       const isValidSlug = /^[a-z0-9][a-z0-9-]*$/.test(potentialSlug)
       if (potentialSlug && !SHARED_PATHS.includes(potentialSlug) && !isStaticAsset && isValidSlug) {
         // This looks like a tenant path being accessed from the root domain.