fix: remove extra exempts

2026-03-06 07:35:14 +00:00 · 2026-03-05 01:10:23 -08:00
parent b0138316f0
commit a0dcd04546
1 changed files with 0 additions and 20 deletions
--- a/api/app_factory.py
+++ b/api/app_factory.py
@@ -43,22 +43,9 @@ def create_flask_app_with_configs() -> DifyApp:

            if is_console_api or is_webapp_api:
                if is_console_api:
-                    # Console bootstrap APIs exempt from license check:
-                    # - system-features: license status for expiry UI (GlobalPublicStoreProvider)
-                    # - setup: install/setup status check (AppInitializer)
-                    # - features: billing/plan features (ProviderContextProvider)
-                    # - account/profile: login check + user profile (AppContextProvider, useIsLogin)
-                    # - workspaces/current: workspace + model providers (AppContextProvider)
-                    # - version: version check (AppContextProvider)
-                    # - activate/check: invitation link validation (signin page)
-                    # Without these exemptions, the signin page triggers location.reload()
-                    # on unauthorized_and_force_logout, causing an infinite loop.
                    console_exempt_prefixes = (
                        "/console/api/system-features",
                        "/console/api/setup",
-                        "/console/api/features",
-                        "/console/api/account/profile",
-                        "/console/api/workspaces/current",
                        "/console/api/version",
                        "/console/api/activate/check",
                    )
@@ -71,19 +58,12 @@ def create_flask_app_with_configs() -> DifyApp:
                        # Check license status with caching (10 min TTL)
                        license_status = EnterpriseService.get_cached_license_status()
                        if license_status in ["inactive", "expired", "lost"]:
-                            # Cookie clearing is handled by register_external_error_handlers
-                            # in libs/external_api.py which detects the error code and calls
-                            # build_force_logout_cookie_headers(). Frontend then checks
-                            # code === 'unauthorized_and_force_logout' and calls location.reload().
                            raise UnauthorizedAndForceLogout(
                                f"Enterprise license is {license_status}. Please contact your administrator."
                            )
                    except UnauthorizedAndForceLogout:
                        raise
                    except Exception:
-                        # If license check fails, log but don't block the request.
-                        # This prevents service disruption if enterprise API is temporarily
-                        # unavailable.
                        logger.exception("Failed to check enterprise license status")

    # add after request hook for injecting trace headers from OpenTelemetry span context