app/controllers/api_controller.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

class ApiController < ApplicationController

  skip_before_filter :verify_authenticity_token
  respond_to :json

  protected

  #
  # For now, we are going to allow cookie authentication if there is
  # no "Authorization" header in the request. This is to keep backward
  # compatibility with older clients. In the future, this should be
  # disabled.
  #
  def require_login
    if ActionController::HttpAuthentication::Token.token_and_options(request)
      require_token
    else
      super
    end
  end

  def anonymous_access_allowed?
    APP_CONFIG[:allow_anonymous_certs]
  end

end