From f1e773b749ce0d952f4f4e7f42b610c1042337fd Mon Sep 17 00:00:00 2001
From: Catherine <whitequark@whitequark.org>
Date: Thu, 14 May 2026 13:14:24 +0000
Subject: [PATCH] Make `PAGES_INSECURE` bypass
 `[limit].allowed-repository-url-prefixes`.

This is the intended behavior but it was accidentally broken
in commit 2c109a5e1e9f77e57d35906ed9fa8c0f48194153.
---
 src/auth.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/auth.go b/src/auth.go
index b9bfeb3..746631c 100644
--- a/src/auth.go
+++ b/src/auth.go
@@ -838,6 +838,11 @@ func authorizeDNSChallengeOrForgeWithToken(r *http.Request) (*Authorization, err
 }
 
 func AuthorizeUpdateFromArchive(r *http.Request) (*Authorization, error) {
+	auth := authorizeInsecure(r)
+	if auth != nil {
+		return auth, nil
+	}
+
 	auth, err := authorizeDNSChallengeOrForgeWithToken(r)
 	if err != nil {
 		return nil, err