diff options
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/api_controller.rb | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index 70b3cac..d5bec70 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -5,8 +5,18 @@ class ApiController < ApplicationController protected + # + # For now, we are going to allow cookie authentication if there is + # no "Authorization" header in the request. This is to keep backward + # compatibility with older clients. In the future, this should be + # disabled. + # def require_login - require_token + if ActionController::HttpAuthentication::Token.token_and_options(request) + require_token + else + super + end end def anonymous_access_allowed? |