gnh1201/mastodon
1
0
Fork 0
mirror of https://github.com/mastodon/mastodon.git synced 2025-05-12 04:31:11 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Change devise to not use HTTP Authentication

Browse Source 
I can't see when we would ever use HTTP Basic Authentication given all of our session stuff happens through forms with params. The only details for why this was enabled was "support PAM"
This commit is contained in:
Emelia Smith 2025-04-18 21:16:50 +02:00
parent 3159f3b2f6
commit a2c7ed023a
No known key found for this signature in database
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config/initializers/devise.rb
View File

@ -158,13 +158,15 @@ Devise.setup do |config|
# given strategies, for example, `config.params_authenticatable = [:database]` will
# enable it only for database (email + password) authentication.
# config.params_authenticatable = true
config.params_authenticatable = true
# Tell if authentication through HTTP Auth is enabled. False by default.
# It can be set to an array that will enable http authentication only for the
# given strategies, for example, `config.http_authenticatable = [:database]` will
# enable it only for database authentication. The supported strategies are:
# :database = Support basic authentication with authentication key + password
config.http_authenticatable = [:pam, :database]
# config.http_authenticatable = [:pam, :database]
config.http_authenticatable = false
# If 401 status code should be returned for AJAX requests. True by default.
# config.http_authenticatable_on_xhr = true