Fix #1676 - Batch static files should be available without auth for viewing results (#1681)

Author: aequitas

docker/webserver/nginx_templates/app.conf.template

@@ -230,6 +230,10 @@ server {
 
     # static files served from app
     location /static {
+        # these are unauthenticated as they are used for batch results as well
+        auth_basic off;
+        allow all;
+
         # enable cache
         proxy_cache            ${NGINX_PROXY_CACHE};
         # static files don't change often, cache for long
@@ -241,7 +245,6 @@ server {
 
         # pass host for Django's allowed_hosts
         proxy_set_header Host $host;
-        include /etc/nginx/conf.d/basic_auth.include;
         proxy_pass http://${IPV4_IP_APP_INTERNAL}:8080;
     }
 

integration_tests/batch/test_batch.py

@@ -126,6 +126,12 @@ def test_batch_request(unique_id, register_test_user, test_domain):
     assert response.status_code == 200, "test results should be publicly accessible without authentication"
 
 
+def test_batch_static_requires_no_auth():
+    """Static files should be available without authentication for viewing batch results."""
+    response = requests.get(f"https://{APP_DOMAIN}/static/js/menu-min.js", json={}, verify=False)
+    assert response.status_code == 200
+
+
 def test_cron_delete_batch_results(trigger_cron, docker_compose_exec):
     """Test if batch results are compressed and deleted."""