From 5a7bacb005b092f41640a4f72bba78d4918a9fb1 Mon Sep 17 00:00:00 2001 From: Yarden Shoham Date: Sun, 14 Jan 2024 22:20:18 +0200 Subject: [PATCH] Warn that `DISABLE_QUERY_AUTH_TOKEN` is false only if it's explicitly defined (#28783) So we don't warn on default behavior - Fixes https://github.com/go-gitea/gitea/issues/28758 - Follows https://github.com/go-gitea/gitea/pull/28390 Signed-off-by: Yarden Shoham --- modules/setting/security.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/setting/security.go b/modules/setting/security.go index 4adfe2063..380360a69 100644 --- a/modules/setting/security.go +++ b/modules/setting/security.go @@ -159,10 +159,13 @@ func loadSecurityFrom(rootCfg ConfigProvider) { } } + sectionHasDisableQueryAuthToken := sec.HasKey("DISABLE_QUERY_AUTH_TOKEN") + // TODO: default value should be true in future releases DisableQueryAuthToken = sec.Key("DISABLE_QUERY_AUTH_TOKEN").MustBool(false) - if !DisableQueryAuthToken { + // warn if the setting is set to false explicitly + if sectionHasDisableQueryAuthToken && !DisableQueryAuthToken { log.Warn("Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.") } }