From 248f11653a8ea9a20da3566e3fee5d2d9de1f261 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Fri, 26 Nov 2021 09:43:06 +0100
Subject: [PATCH] allo echo without authentication

---
 restapi/index.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/restapi/index.php b/restapi/index.php
index 211386a55..242bef52f 100644
--- a/restapi/index.php
+++ b/restapi/index.php
@@ -2367,9 +2367,9 @@ class Auth { /* {{{ */
         }
         /* The preflight options request doesn't have authorization in the header. So
          * don't even try to authorize.
-         */
+				 */
         if($request->getMethod() == 'OPTIONS') {
-        } elseif(!in_array($request->getUri()->getPath(), array('echo', 'login'))) {
+				} elseif(!in_array($request->getUri()->getPath(), array('login')) && substr($request->getUri()->getPath(), 0, 5) != 'echo/') {
             $userobj = null;
             if(!empty($this->container->environment['HTTP_AUTHORIZATION']) && !empty($settings->_apiKey) && !empty($settings->_apiUserId)) {
                 if($settings->_apiKey == $this->container->environment['HTTP_AUTHORIZATION']) {