From ff8536b448356525341fbf74131cbf6b75f524aa Mon Sep 17 00:00:00 2001
From: Vincent Guillet <vincent.guillet@outlook.com>
Date: Wed, 3 Dec 2025 22:47:14 +0100
Subject: [PATCH] Update SecurityConfig to require authentication for
 /api/app/** endpoints

---
 api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java b/api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java
index 4daaeeb..5ec9f12 100644
--- a/api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java
+++ b/api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java
@@ -46,7 +46,7 @@ public class SecurityConfig {
                         .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll() // autoriser les preflight
                         .requestMatchers("/api/auth/**").permitAll()
                         .requestMatchers("/api/users/**").authenticated()
-                        .requestMatchers("/api/app/**").permitAll()
+                        .requestMatchers("/api/app/**").authenticated()
                         .anyRequest().permitAll()
                 )
                 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))