From c911de6a6cb42ff288c698e48b81dc1bb2ad85d4 Mon Sep 17 00:00:00 2001 From: GareArc Date: Sun, 8 Mar 2026 23:45:10 -0700 Subject: [PATCH] fix: exempt setup flow endpoints from license check Add /console/api/init and /console/api/login to the license exempt list so that fresh installs can complete setup when the enterprise license is inactive. Without these exemptions the init password validation and post-setup auto-login are blocked, causing the setup page to enter an infinite reload loop. --- api/app_factory.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/api/app_factory.py b/api/app_factory.py index 881be13549..3103882ffc 100644 --- a/api/app_factory.py +++ b/api/app_factory.py @@ -44,9 +44,23 @@ def create_flask_app_with_configs() -> DifyApp: if is_console_api or is_webapp_api: if is_console_api: + # Console bootstrap APIs exempt from license check: + # - system-features: license status for expiry UI (GlobalPublicStoreProvider) + # - setup: install/setup status check (AppInitializer) + # - init: init password validation for fresh install (InitPasswordPopup) + # - login: auto-login after setup completion (InstallForm) + # - features: billing/plan features (ProviderContextProvider) + # - account/profile: login check + user profile (AppContextProvider, useIsLogin) + # - workspaces/current: workspace + model providers (AppContextProvider) + # - version: version check (AppContextProvider) + # - activate/check: invitation link validation (signin page) + # Without these exemptions, the signin page triggers location.reload() + # on unauthorized_and_force_logout, causing an infinite loop. console_exempt_prefixes = ( "/console/api/system-features", "/console/api/setup", + "/console/api/init", + "/console/api/login", "/console/api/version", "/console/api/activate/check", )