General work on API

2 files changed, 11 insertions, 8 deletions

diff --git a/api/src/middlewares/Authentication.ts b/api/src/middlewares/Authentication.ts
index 20ba42d8..429cf11e 100644
--- a/api/src/middlewares/Authentication.ts
+++ b/api/src/middlewares/Authentication.ts
@@ -3,25 +3,27 @@ import { HTTPError } from "lambert-server";
 import { checkToken, Config, Rights } from "@fosscord/util";
 
 export const NO_AUTHORIZATION_ROUTES = [
-	//Authentication routes
+	// Authentication routes
 	"/auth/login",
 	"/auth/register",
 	"/auth/location-metadata",
-	//Routes with a seperate auth system
+	// Routes with a seperate auth system
 	"/webhooks/",
-	//Public information endpoints 
+	// Public information endpoints 
 	"/ping",
 	"/gateway",
 	"/experiments",
-	//Public kubernetes integration
+	"/updates",
+	"/downloads/",
+	// Public kubernetes integration
 	"/-/readyz",
 	"/-/healthz",
-	//Client nalytics
+	// Client analytics
 	"/science",
 	"/track",
-	//Public policy pages
+	// Public policy pages
 	"/policies/instance",
-	//Asset delivery
+	// Asset delivery
 	/\/guilds\/\d+\/widget\.(json|png)/
 ];
 
diff --git a/api/src/middlewares/TestClient.ts b/api/src/middlewares/TestClient.ts
index 7139b59c..5c0b081b 100644
--- a/api/src/middlewares/TestClient.ts
+++ b/api/src/middlewares/TestClient.ts
@@ -88,7 +88,8 @@ export default function TestClient(app: Application) {
 		res.set("Cache-Control", "public, max-age=" + 60 * 60 * 24);
 		res.set("content-type", "text/html");
 
-        if(req.url.startsWith("/api")) return;
+		if(req.url.startsWith("/api") || req.url.startsWith("/__development")) return;
+
 		if(!useTestClient) return res.send("Test client is disabled on this instance. Use a stand-alone client to connect this instance.")
 		if (req.url.startsWith("/invite")) return res.send(html.replace("9b2b7f0632acd0c5e781", "9f24f709a3de09b67c49"));