[#2579] fix: update BiscuitMiddleware to include '/logout' in the request path check

Author: TheophileDiot

CHANGELOG.md

@@ -4,6 +4,7 @@
 
 - [DOCS] Add multi-language support to the documentation, including French
 - [UI] Fix incorrect key used when viewing service details
+- [UI] Fix 403 when changing IP address on web UI
 - [DEPS] Update lua-resty-openssl version to v1.6.4
 
 ## v1.6.5-rc2 - ????/??/??

src/ui/app/models/biscuit.py

@@ -57,10 +57,7 @@ def _check_authorization(self) -> None:
         Flask's `before_request` hook to intercept requests and perform Biscuit authorization.
         Enhanced to handle dynamic permissions per route.
         """
-        if (
-            request.path.startswith(("/css/", "/img/", "/js/", "/json/", "/fonts/", "/libs/", "/locales/", "/cache/"))
-            or request.endpoint == "logout.logout_page"
-        ):
+        if request.path.startswith(("/css/", "/img/", "/js/", "/json/", "/fonts/", "/libs/", "/locales/", "/cache/", "/logout")):
             return
 
         token_str: Optional[str] = session.get("biscuit_token")  # Retrieve token from session