Merge pull request #13059 from annando/disable-basicauth

Issue 13058: BasicAuth can now be disabled

src/Security/BasicAuth.php

@@ -177,7 +177,7 @@ class BasicAuth
 			}
 			Logger::debug('Access denied', ['parameters' => $_SERVER]);
 			// Checking for commandline for the tests, we have to avoid to send a header
-			if (php_sapi_name() !== 'cli') {
+			if (DI::config()->get('system', 'basicauth') && (php_sapi_name() !== 'cli')) {
 				header('WWW-Authenticate: Basic realm="Friendica"');
 			}
 			throw new UnauthorizedException("This API requires login");

static/defaults.config.php

@@ -132,6 +132,10 @@ return [
 		// The value has to start with the scheme and end with a "/"
 		'avatar_cache_url' => '',
 
+		// basicauth (Boolean)
+		// Controls if login via BasicAuth is possible (default is true)
+		'basicauth' => true,
+
 		// big_emojis (Boolean)
 		// Display "Emoji Only" posts in big.
 		'big_emojis' => false,