From 013acd95fb767f9e6d500c0470a6b5867eee0b1b Mon Sep 17 00:00:00 2001
From: "M. J. Fromberger" <fromberger@tailscale.com>
Date: Mon, 4 Aug 2025 08:10:45 -0700
Subject: [PATCH] server: allow any valid user to query the /meta endpoint

Updates tailscale/corp#30787
---
 server/tailsql/tailsql.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/tailsql/tailsql.go b/server/tailsql/tailsql.go
index 4b59049..a69502e 100644
--- a/server/tailsql/tailsql.go
+++ b/server/tailsql/tailsql.go
@@ -596,9 +596,9 @@ func (s *Server) checkAuth(w http.ResponseWriter, r *http.Request, src, query st
 		caller = whois.UserProfile.LoginName
 	}
 
-	// If the caller wants the UI and didn't send a query, allow it.
+	// If the caller wants the UI or metadata, and didn't send a query, allow it.
 	// The source does not matter when there is no query.
-	if r.URL.Path == "/" && query == "" {
+	if (r.URL.Path == "/" || r.URL.Path == "/meta") && query == "" {
 		return caller, true
 	}
 	if err := s.authorize(src, whois); err != nil {