Skip to content

Commit

Permalink
Warn that DISABLE_QUERY_AUTH_TOKEN is false only if it's explicitly…
Browse files Browse the repository at this point in the history 
… defined (go-gitea#28783)

So we don't warn on default behavior

- Fixes go-gitea#28758
- Follows go-gitea#28390

Signed-off-by: Yarden Shoham <[email protected]>
  • Loading branch information
@yardenshoham @GiteaBot
yardenshoham authored and GiteaBot committed Jan 20, 2024
1 parent 89960c3 commit 4f4c1a1
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion modules/setting/security.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -161,10 +161,13 @@ func loadSecurityFrom(rootCfg ConfigProvider) {
}
}

sectionHasDisableQueryAuthToken := sec.HasKey("DISABLE_QUERY_AUTH_TOKEN")

// TODO: default value should be true in future releases
DisableQueryAuthToken = sec.Key("DISABLE_QUERY_AUTH_TOKEN").MustBool(false)

if !DisableQueryAuthToken {
// warn if the setting is set to false explicitly
if sectionHasDisableQueryAuthToken && !DisableQueryAuthToken {
log.Warn("Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.")
}
}

0 comments on commit 4f4c1a1

Please sign in to comment.