diff --git a/module-core/src/main/java/io/goobi/vocabulary/security/SecurityConfiguration.java b/module-core/src/main/java/io/goobi/vocabulary/security/SecurityConfiguration.java
index b1027cc..2ddf272 100644
--- a/module-core/src/main/java/io/goobi/vocabulary/security/SecurityConfiguration.java
+++ b/module-core/src/main/java/io/goobi/vocabulary/security/SecurityConfiguration.java
@@ -23,8 +23,8 @@ public SecurityConfiguration(BearerTokenAuthFilter bearerTokenAuthFilter) {
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http.csrf(AbstractHttpConfigurer::disable)
                 .authorizeHttpRequests(auth -> auth
-                        .dispatcherTypeMatchers(DispatcherType.ASYNC)
-                        .permitAll()
+                        .dispatcherTypeMatchers(DispatcherType.ASYNC).permitAll()
+                        .requestMatchers("/docs/**").permitAll()
                         .anyRequest()
                         .authenticated()
                 )