Skip to content

Commit

Permalink
Warn that DISABLE_QUERY_AUTH_TOKEN is false only if it's explicitly…
Browse files Browse the repository at this point in the history 
… defined (#28783) (#28868)

Backport #28783 by @yardenshoham

So we don't warn on default behavior

- Fixes #28758
- Follows #28390

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
  • Loading branch information
@GiteaBot @yardenshoham
GiteaBot and yardenshoham authored Jan 21, 2024
1 parent 0d50f27 commit e3dfb51
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion modules/setting/security.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -161,10 +161,13 @@ func loadSecurityFrom(rootCfg ConfigProvider) {
}
}

sectionHasDisableQueryAuthToken := sec.HasKey("DISABLE_QUERY_AUTH_TOKEN")

// TODO: default value should be true in future releases
DisableQueryAuthToken = sec.Key("DISABLE_QUERY_AUTH_TOKEN").MustBool(false)

if !DisableQueryAuthToken {
// warn if the setting is set to false explicitly
if sectionHasDisableQueryAuthToken && !DisableQueryAuthToken {
log.Warn("Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.")
}
}

0 comments on commit e3dfb51

Please sign in to comment.