From a6b01b2df33e6d42faecbbea774ac97b3fc4491b Mon Sep 17 00:00:00 2001 From: "Kali Kaneko (leap communications)" Date: Tue, 17 Jan 2017 17:43:08 +0100 Subject: disable authentication for API --- src/leap/bitmask/core/web/service.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/leap/bitmask/core/web/service.py b/src/leap/bitmask/core/web/service.py index 77e1c72..c1d839e 100644 --- a/src/leap/bitmask/core/web/service.py +++ b/src/leap/bitmask/core/web/service.py @@ -92,11 +92,17 @@ class HTTPDispatcherService(service.Service): jsapi = File(os.path.abspath(jspath)) api = Api(CommandDispatcher(self._core)) - protected_api = protectedResourceFactory( - api, self._core.tokens, self.API_WHITELIST) + # protected_api = protectedResourceFactory( + # api, self._core.tokens, self.API_WHITELIST) root = File(webdir) - root.putChild(u'API', protected_api) + + # FIXME -- switching off the protected api, due to + # https://0xacab.org/leap/bitmask-dev/issues/9 + # root.putChild(u'API', protected_api) + # ------------------------------------------------- + + root.putChild(u'API', api) if not HAS_WEB_UI: root.putChild('bitmask.js', jsapi) -- cgit v1.2.3