diff --git a/src/main/java/de/jottyfan/timetrack/config/SecurityConfiguration.java b/src/main/java/de/jottyfan/timetrack/config/SecurityConfiguration.java
index a315505..d4d05e7 100644
--- a/src/main/java/de/jottyfan/timetrack/config/SecurityConfiguration.java
+++ b/src/main/java/de/jottyfan/timetrack/config/SecurityConfiguration.java
@@ -35,7 +35,7 @@ public class SecurityConfiguration {
 		// @formatter:off
 			.oauth2Login(o -> o.defaultSuccessUrl("/"))
 			.logout(o -> o.logoutSuccessHandler(new OidcClientInitiatedLogoutSuccessHandler(crr)))
-		  .authorizeHttpRequests(o -> o.requestMatchers(AntPathRequestMatcher.antMatcher("/public/**")).permitAll().anyRequest().authenticated())
+		  .authorizeHttpRequests(o -> o.requestMatchers(AntPathRequestMatcher.antMatcher("/public/**"), AntPathRequestMatcher.antMatcher("/theme/**")).permitAll().anyRequest().authenticated())
 		  .oauth2ResourceServer(o -> o.jwt(Customizer.withDefaults()))
 		  .sessionManagement(o -> o.init(sec));
 		// @formatter:on