diff --git a/changelog/unreleased/status_php_authentication.md b/changelog/unreleased/status_php_authentication.md
new file mode 100644
index 0000000000..6919206f5b
--- /dev/null
+++ b/changelog/unreleased/status_php_authentication.md
@@ -0,0 +1,9 @@
+Bugfix: Remove authentication from /status.php completely
+
+Despite requests without Authentication header being successful, requests with an
+invalid bearer token in the Authentication header were rejected in the proxy with
+an 401 unauthenticated. Now the Authentication header is completely ignored for the
+/status.php route.
+
+https://github.com/owncloud/ocis/pull/2188
+https://github.com/owncloud/client/issues/8538
diff --git a/proxy/pkg/middleware/oidc_auth.go b/proxy/pkg/middleware/oidc_auth.go
index f05aaef209..1b868223e5 100644
--- a/proxy/pkg/middleware/oidc_auth.go
+++ b/proxy/pkg/middleware/oidc_auth.go
@@ -155,7 +155,7 @@ func (m oidcAuth) shouldServe(req *http.Request) bool {
 // todo: looks dirty, check later
 // TODO: make a PR to coreos/go-oidc for exposing userinfo endpoint on provider, see https://github.com/coreos/go-oidc/issues/248
- for _, ignoringPath := range []string{"/konnect/v1/userinfo"} {
+ for _, ignoringPath := range []string{"/konnect/v1/userinfo", "/status.php"} {
 if req.URL.Path == ignoringPath {
 return false
 }
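Review bot: The inline slice in `shouldServe` has become a two-entry list of paths that, per the changelog entry, skip bearer-token handling in this middleware, yet it still sits under a `// todo: looks dirty` comment with nothing marking it as security-sensitive. I would hoist it to a package-level `var unauthenticatedPaths = []string{"/konnect/v1/userinfo", "/status.php"}` with the comment `// unauthenticatedPaths are matched exactly against req.URL.Path; oidcAuth does not validate tokens for them.`, so future additions get reviewed as auth exemptions. The exact `==` comparison is worth keeping, since a prefix match would widen the exemption, and a test that `/status.php` with an invalid token is served while a near-miss such as `/status.php/` is not matched by this list would pin that behaviour. Only `oidcAuth` is visible in this diff, so whether the other authentication middlewares in the proxy chain also ignore the header for this route should be confirmed against the "completely" in the changelog. The body of `shouldServe` starts and ends outside the hunk.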