From 3a41fccc43931d12216aa491b234805892dc0861 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Sat, 5 Nov 2022 22:56:03 +0100 Subject: Change `AUTHORIZED_FETCH` to not block unauthenticated REST API access (#19803) New environment variable `DISALLOW_UNAUTHENTICATED_API_ACCESS` --- app/controllers/api/base_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/controllers/api') diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index c46fde65b..3f3e1ca7b 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -133,7 +133,7 @@ class Api::BaseController < ApplicationController end def disallow_unauthenticated_api_access? - authorized_fetch_mode? + ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] == 'true' || Rails.configuration.x.whitelist_mode end private -- cgit