Change AUTHORIZED_FETCH to not block unauthenticated REST API access (#19803)

New environment variable `DISALLOW_UNAUTHENTICATED_API_ACCESS`
2022-11-05 22:56:03 +01:00 · 2022-11-05 22:56:03 +01:00 · 3a41fccc43
commit 3a41fccc43
parent d0c9ac3919
1 changed files with 1 additions and 1 deletions
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@ -133,7 +133,7 @@ class Api::BaseController < ApplicationController
  end
  def disallow_unauthenticated_api_access?
-    authorized_fetch_mode?
+    ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] == 'true' || Rails.configuration.x.whitelist_mode
  end
  private