Change `AUTHORIZED_FETCH` to not block unauthenticated REST API access (#19803)

New environment variable `DISALLOW_UNAUTHENTICATED_API_ACCESS`
author: Eugen Rochko <eugen@zeonfederated.com> 2022-11-05 22:56:03 +0100
committer: GitHub <noreply@github.com> 2022-11-05 22:56:03 +0100
commit: 3a41fccc43931d12216aa491b234805892dc0861 (patch)
tree: f96931903a0e1faec8edc404833299d0e1bd5d1d /app/controllers/api
parent: d0c9ac39190c71afb581836e770ebace4ad1ef1b (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index c46fde65b..3f3e1ca7b 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -133,7 +133,7 @@ class Api::BaseController < ApplicationController
   end
 
   def disallow_unauthenticated_api_access?
-    authorized_fetch_mode?
+    ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] == 'true' || Rails.configuration.x.whitelist_mode
   end
 
   private
author	Eugen Rochko <eugen@zeonfederated.com>	2022-11-05 22:56:03 +0100
committer	GitHub <noreply@github.com>	2022-11-05 22:56:03 +0100
commit	3a41fccc43931d12216aa491b234805892dc0861 (patch)
tree	f96931903a0e1faec8edc404833299d0e1bd5d1d /app/controllers/api
parent	d0c9ac39190c71afb581836e770ebace4ad1ef1b (diff)