1 files changed, 2 insertions, 1 deletions

diff --git a/backend/helpers.py b/backend/helpers.py
index b3c8a51e..0991f446 100644
--- a/backend/helpers.py
+++ b/backend/helpers.py
@@ -18,6 +18,7 @@ user = None
 group = None
 
 assets_regex = re.compile("^/plugins/.*/assets/.*")
+frontend_regex = re.compile("^/frontend/.*")
 
 def get_ssl_context():
     return ssl_ctx
@@ -27,7 +28,7 @@ def get_csrf_token():
 
 @middleware
 async def csrf_middleware(request, handler):
-    if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/legacy/") or str(request.rel_url).startswith("/steam_resource/") or assets_regex.match(str(request.rel_url)):
+    if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/legacy/") or str(request.rel_url).startswith("/steam_resource/") or assets_regex.match(str(request.rel_url)) or frontend_regex.match(str(request.rel_url)):
         return await handler(request)
     return Response(text='Forbidden', status='403')