From 25636c244250a07f2d547a3e6931299b7c02525c Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 30 Apr 2023 11:53:32 +0000 Subject: [PATCH] Issue 13058: BasicAuth can now be disabled --- src/Security/BasicAuth.php | 2 +- static/defaults.config.php | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/Security/BasicAuth.php b/src/Security/BasicAuth.php index 25da9b8318..51da7a98ad 100644 --- a/src/Security/BasicAuth.php +++ b/src/Security/BasicAuth.php @@ -177,7 +177,7 @@ class BasicAuth } Logger::debug('Access denied', ['parameters' => $_SERVER]); // Checking for commandline for the tests, we have to avoid to send a header - if (php_sapi_name() !== 'cli') { + if (DI::config()->get('system', 'basicauth') && (php_sapi_name() !== 'cli')) { header('WWW-Authenticate: Basic realm="Friendica"'); } throw new UnauthorizedException("This API requires login"); diff --git a/static/defaults.config.php b/static/defaults.config.php index 3c4fdd762b..7e699fad71 100644 --- a/static/defaults.config.php +++ b/static/defaults.config.php @@ -132,6 +132,10 @@ return [ // The value has to start with the scheme and end with a "/" 'avatar_cache_url' => '', + // basicauth (Boolean) + // Controls if login via BasicAuth is possible (default is true) + 'basicauth' => true, + // big_emojis (Boolean) // Display "Emoji Only" posts in big. 'big_emojis' => false,