Add authelia bypass for some favicons

.secrets-baseline

@@ -132,7 +132,7 @@
         "filename": "core/authelia.yml",
         "hashed_secret": "a32b08d97b1615dc27f58b6b17f67624c04e2c4f",
         "is_verified": false,
-        "line_number": 189,
+        "line_number": 201,
         "is_secret": false
       }
     ],
@@ -187,5 +187,5 @@
       }
     ]
   },
-  "generated_at": "2024-02-20T18:04:29Z"
+  "generated_at": "2024-08-30T18:12:43Z"
 }

core/authelia.yml

@@ -151,6 +151,18 @@ access_control:
       networks: 192.168.5.0/24
 
   rules:
+    ## Allow favicons on internal network
+    - domain: '*.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}'
+      resources:
+        - '^/apple-touch-icon-precomposed\.png$'
+        - '^/assets/safari-pinned-tab\.svg$'
+        - '^/apple-touch-icon-180x180\.png$'
+        - '^/apple-touch-icon\.png$'
+        - '^/favicon\.ico$'
+      networks:
+        - internal
+      policy: bypass
+
     {{ range nomadVarList "authelia/access_control/service_rules" }}{{ with nomadVar .Path }}
     - domain: '{{ .name }}.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}'
 {{ .rule.Value | indent 6 }}