silverbulletmd / silverbullet

The hackable notebook
https://silverbullet.md
MIT License

SB_AUTH_TOKEN without SB_USER #799

Closed aorith closed 3 months ago

aorith commented 4 months ago

At this moment, the authorization code does the following:

      if (!spaceServer.auth) {
        // Auth disabled in this config, skip
        return next();
      }

This makes it impossible to enable only SB_AUTH_TOKEN without SB_USER (or the flag --user). So someone could think that the API is protected when it's not, since it requires basic auth to be enabled.

zefhemel commented 3 months ago

Good point. Will fix.
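
The gap described in this issue, as an added TypeScript sketch that is not SilverBullet's code: it models the quoted early return next to one ordering that still checks the token when no user is set. `AuthConfig`, `Req`, `authorizeFlawed`, `authorizeFixed` and `configWarnings` are hypothetical names, and the sample token is constructed.

```typescript
// Hypothetical model of the gate quoted in the issue; not SilverBullet's code.
type AuthConfig = { user?: string; authToken?: string }; // SB_USER / SB_AUTH_TOKEN
type Req = { bearer?: string; sessionValid?: boolean };
type Decision = "allow" | "deny";

// Compare without an early exit so timing does not reveal a matching prefix.
function tokenEquals(a: string, b: string): boolean {
  let diff = a.length ^ b.length;
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// True only when a non-empty token is configured and the request presents it.
function bearerOk(cfg: AuthConfig, req: Req): boolean {
  if (!cfg.authToken || req.bearer === undefined) return false;
  return tokenEquals(req.bearer, cfg.authToken);
}

// Mirrors `if (!spaceServer.auth) return next();`: with no user configured the
// token is never consulted, so every request passes.
function authorizeFlawed(cfg: AuthConfig, req: Req): Decision {
  if (!cfg.user) return "allow";
  return req.sessionValid || bearerOk(cfg, req) ? "allow" : "deny";
}

// One possible ordering (assumption): skip only when neither mechanism is set.
function authorizeFixed(cfg: AuthConfig, req: Req): Decision {
  if (!cfg.user && !cfg.authToken) return "allow";
  if (cfg.user && req.sessionValid) return "allow";
  return bearerOk(cfg, req) ? "allow" : "deny";
}

// Startup check for the misleading combination the issue describes.
function configWarnings(cfg: AuthConfig): string[] {
  return cfg.authToken && !cfg.user
    ? ["SB_AUTH_TOKEN is set without SB_USER: the flawed gate does not enforce it"]
    : [];
}

// Constructed sample: token-only configuration and an unauthenticated request.
const tokenOnly: AuthConfig = { authToken: "constructed-sample-token" };
console.log(authorizeFlawed(tokenOnly, {}), authorizeFixed(tokenOnly, {}));
```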