Closed dimer47 closed 1 year ago
This assigns _authRequired to nothing as it's not declared as a variable. The config key referenced in the file doesn't exist in the config file. The documentation does not reflect this. The default behavior is not preserved and this made as an optional change to be non breaking for existing users. The PR needs some work.
Hello,
This PR adds an option to the configuration to not have an authenticated user to access activity routes.
Sometimes it is not appropriate to manage access to this data through an application user, even using a specific role for authorization.
With this option, it will be possible to choose another mode of protection, I am thinking in particular of access rules in apache, nginx or iis directly.