diff --git a/api/app_factory.py b/api/app_factory.py
index fb229ca90a..bee54e65e1 100644
--- a/api/app_factory.py
+++ b/api/app_factory.py
@@ -43,22 +43,9 @@ def create_flask_app_with_configs() -> DifyApp:
 
             if is_console_api or is_webapp_api:
                 if is_console_api:
-                    # Console bootstrap APIs exempt from license check:
-                    # - system-features: license status for expiry UI (GlobalPublicStoreProvider)
-                    # - setup: install/setup status check (AppInitializer)
-                    # - features: billing/plan features (ProviderContextProvider)
-                    # - account/profile: login check + user profile (AppContextProvider, useIsLogin)
-                    # - workspaces/current: workspace + model providers (AppContextProvider)
-                    # - version: version check (AppContextProvider)
-                    # - activate/check: invitation link validation (signin page)
-                    # Without these exemptions, the signin page triggers location.reload()
-                    # on unauthorized_and_force_logout, causing an infinite loop.
                     console_exempt_prefixes = (
                         "/console/api/system-features",
                         "/console/api/setup",
-                        "/console/api/features",
-                        "/console/api/account/profile",
-                        "/console/api/workspaces/current",
                         "/console/api/version",
                         "/console/api/activate/check",
                     )
@@ -71,19 +58,12 @@ def create_flask_app_with_configs() -> DifyApp:
                         # Check license status with caching (10 min TTL)
                         license_status = EnterpriseService.get_cached_license_status()
                         if license_status in ["inactive", "expired", "lost"]:
-                            # Cookie clearing is handled by register_external_error_handlers
-                            # in libs/external_api.py which detects the error code and calls
-                            # build_force_logout_cookie_headers(). Frontend then checks
-                            # code === 'unauthorized_and_force_logout' and calls location.reload().
                             raise UnauthorizedAndForceLogout(
                                 f"Enterprise license is {license_status}. Please contact your administrator."
                             )
                     except UnauthorizedAndForceLogout:
                         raise
                     except Exception:
-                        # If license check fails, log but don't block the request.
-                        # This prevents service disruption if enterprise API is temporarily
-                        # unavailable.
                         logger.exception("Failed to check enterprise license status")
 
     # add after request hook for injecting trace headers from OpenTelemetry span context