Warn that `DISABLE_QUERY_AUTH_TOKEN` is false only if it's explicitly defined (#28783) (#28868)

Backport #28783 by @yardenshoham So we don't warn on default behavior - Fixes https://github.com/go-gitea/gitea/issues/28758 - Follows https://github.com/go-gitea/gitea/pull/28390 Signed-off-by: Yarden Shoham <git@yardenshoham.com> Co-authored-by: Yarden Shoham <git@yardenshoham.com>
author: Giteabot <teabot@gitea.io> 2024-01-21 23:21:22 +0800
committer: GitHub <noreply@github.com> 2024-01-21 15:21:22 +0000
commit: e3dfb512d6fe078e938ba1f75a133f500a508ed7 (patch)
tree: 0755ad195a9f8ead3d8cbb3f892132800b1771a5
parent: 0d50f274698e7508ad15f61b1eca41db677b762e (diff)
download: gitea-e3dfb512d6fe078e938ba1f75a133f500a508ed7.tar.gz
gitea-e3dfb512d6fe078e938ba1f75a133f500a508ed7.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/modules/setting/security.go b/modules/setting/security.go
index efe0d7eea6..01e02ea5a0 100644
--- a/modules/setting/security.go
+++ b/modules/setting/security.go
@@ -161,10 +161,13 @@ func loadSecurityFrom(rootCfg ConfigProvider) {
 		}
 	}
 
+	sectionHasDisableQueryAuthToken := sec.HasKey("DISABLE_QUERY_AUTH_TOKEN")
+
 	// TODO: default value should be true in future releases
 	DisableQueryAuthToken = sec.Key("DISABLE_QUERY_AUTH_TOKEN").MustBool(false)
 
-	if !DisableQueryAuthToken {
+	// warn if the setting is set to false explicitly
+	if sectionHasDisableQueryAuthToken && !DisableQueryAuthToken {
 		log.Warn("Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.")
 	}
 }
author	Giteabot <teabot@gitea.io>	2024-01-21 23:21:22 +0800
committer	GitHub <noreply@github.com>	2024-01-21 15:21:22 +0000
commit	e3dfb512d6fe078e938ba1f75a133f500a508ed7 (patch)
tree	0755ad195a9f8ead3d8cbb3f892132800b1771a5
parent	0d50f274698e7508ad15f61b1eca41db677b762e (diff)
download	gitea-e3dfb512d6fe078e938ba1f75a133f500a508ed7.tar.gz gitea-e3dfb512d6fe078e938ba1f75a133f500a508ed7.zip