EndpointWhitelist includes the line

 Path = httpContext.Request.Path.ToString().ToLowerInvariant().TrimEnd('/'),

but allowing the root path to be included in the whitelist makes perfect sense. Could this be altered so something like "*:/" is a valid EndpointWhitelist value?

Thanks I'll PR a failing unit test