diff --git a/src/main/java/com/openisle/config/SecurityConfig.java b/src/main/java/com/openisle/config/SecurityConfig.java
index e93419ca2..13369ad61 100644
--- a/src/main/java/com/openisle/config/SecurityConfig.java
+++ b/src/main/java/com/openisle/config/SecurityConfig.java
@@ -111,6 +111,7 @@ public class SecurityConfig {
                     .requestMatchers(HttpMethod.GET, "/api/push/public-key").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/reaction-types").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/activities/**").permitAll()
+                    .requestMatchers(HttpMethod.GET, "/sitemap.xml").permitAll()
                     .requestMatchers(HttpMethod.POST, "/api/categories/**").hasAuthority("ADMIN")
                     .requestMatchers(HttpMethod.POST, "/api/tags/**").authenticated()
                     .requestMatchers(HttpMethod.DELETE, "/api/categories/**").hasAuthority("ADMIN")
@@ -141,7 +142,8 @@ public class SecurityConfig {
                          uri.startsWith("/api/categories") || uri.startsWith("/api/tags") ||
                         uri.startsWith("/api/search") || uri.startsWith("/api/users") ||
                          uri.startsWith("/api/reaction-types") || uri.startsWith("/api/config") ||
-                         uri.startsWith("/api/activities") || uri.startsWith("/api/push/public-key"));
+                         uri.startsWith("/api/activities") || uri.startsWith("/api/push/public-key") ||
+                         uri.startsWith("/sitemap.xml"));
 
                 if (authHeader != null && authHeader.startsWith("Bearer ")) {
                     String token = authHeader.substring(7);