I created a password protection for the entire website, now the website preview in the Sulu Admin is broken, i.e. it is throwing a AcessDeniedHttpException leading to a 403 Forbitten response.

This is the the relevant part of the security.yaml

# ...
    access_control:
        - { path: ^/admin/reset, roles: PUBLIC_ACCESS }
        - { path: ^/admin/security/reset, roles: PUBLIC_ACCESS }
        - { path: ^/admin/login$, roles: PUBLIC_ACCESS }
        - { path: ^/admin/2fa, roles: PUBLIC_ACCESS }
        - { path: ^/admin/_wdt, roles: PUBLIC_ACCESS }
        - { path: ^/admin/_profiler, roles: PUBLIC_ACCESS }
        - { path: ^/admin/translations, roles: PUBLIC_ACCESS }
        - { path: ^/admin$, roles: PUBLIC_ACCESS }
        - { path: ^/admin/$, roles: PUBLIC_ACCESS }
        - { path: ^/admin/p/, roles: PUBLIC_ACCESS }
        - { path: ^/admin, roles: ROLE_USER }
        - { path: ^/_fos_user_context_hash, roles: [PUBLIC_ACCESS] }
        - { path: ^/login, roles: PUBLIC_ACCESS }
        - { path: ^/, roles: ROLE_USER }
# ...

The last line is for the website password protection. The request for the website preview uses an url to https://127.0.0.1:8000/admin/preview/render. In my understanding, in this case, this rule should match { path: ^/admin, roles: ROLE_USER }. As I am logged on with an admin user when in the admin backend, this should work.

What am I missing? Can anyone give me a hint please?