From 3a41fccc43931d12216aa491b234805892dc0861 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Sat, 5 Nov 2022 22:56:03 +0100
Subject: [PATCH] Change `AUTHORIZED_FETCH` to not block unauthenticated REST
 API access (#19803)

New environment variable `DISALLOW_UNAUTHENTICATED_API_ACCESS`
---
 app/controllers/api/base_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index c46fde65b2..3f3e1ca7bd 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -133,7 +133,7 @@ class Api::BaseController < ApplicationController
   end
 
   def disallow_unauthenticated_api_access?
-    authorized_fetch_mode?
+    ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] == 'true' || Rails.configuration.x.whitelist_mode
   end
 
   private
-- 
GitLab