Option to disable Query Auth Token #609

New Issue

Closed

opened 2024-01-27 01:36:19 +00:00 by buzzsurfr · 1 comment

buzzsurfr commented 2024-01-27 01:36:19 +00:00 (Migrated from gitea.com)

Copy Link

I'm getting the following warning whenever I'm running a CLI command:

2024/01/27 00:48:24 .../setting/security.go:168:loadSecurityFrom() [W] Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.

The Configuration Cheat Sheet covers how to set the flag.

DISABLE_QUERY_AUTH_TOKEN: false: Reject API tokens sent in URL query string (Accept Header-based API tokens only). This setting will default to true in Gitea 1.23 and be deprecated in Gitea 1.24.

However, there's no way in the helm template to set this configuration. (Is there?)

Feature request is to add this as an option to the helm chart. I can provide if needed.

I'm getting the following warning whenever I'm running a CLI command: ``` 2024/01/27 00:48:24 .../setting/security.go:168:loadSecurityFrom() [W] Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24. ``` The [Configuration Cheat Sheet](https://docs.gitea.com/administration/config-cheat-sheet#security-security) covers how to set the flag. > `DISABLE_QUERY_AUTH_TOKEN`: false: Reject API tokens sent in URL query string (Accept Header-based API tokens only). This setting will default to true in Gitea 1.23 and be deprecated in Gitea 1.24. However, there's no way in the helm template to set this configuration. (Is there?) Feature request is to add this as an option to the helm chart. I can provide if needed.

buzzsurfr commented 2024-01-27 05:14:24 +00:00 (Migrated from gitea.com)

Copy Link

Found my issue. Per the helm chart's instructions (RTFM), I changed my values.yaml to include:

gitea:
  config:
    security:
      DISABLE_QUERY_AUTH_TOKEN: true

Found my issue. Per the [helm chart's instructions](https://gitea.com/buzzsurfr/helm-chart/src/branch/main#configuration) (RTFM), I changed my values.yaml to include: ```yaml gitea: config: security: DISABLE_QUERY_AUTH_TOKEN: true ```

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

No results found.

v10.6.0

v10.5.0

v10.4.1

v10.4.0

v10.3.0

v10.2.0

v10.1.4

v10.1.3

v10.1.2

v10.1.1

v10.1.0

v10.0.2

v10.0.1

v10.0.0

v9.6.1

v9.6.0

v9.5.1

v9.5.0

v9.4.0

v9.3.0

v9.2.1

v9.2.0

v9.1.0

v9.0.4

v9.0.3

v9.0.2

v9.0.1

v9.0.0

v8.3.0

v8.2.0

v8.1.0

v8.0.3

v8.0.2

v8.0.1

v8.0.0

v7.0.4

v7.0.3

v7.0.2

v7.0.1

v7.0.0

v6.0.5

v6.0.4

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.9

v5.0.8

v5.0.7

v5.0.6

v5.0.5

v5.0.4

v5.0.3

v5.0.2

v5.0.1

v5.0.0

v4.1.1

v4.1.0

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.0.0

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.11

v2.1.10

v2.1.9

v2.1.8

v2.1.7

v2.1.6

v2.1.5

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.0

v1.5.5

v1.5.4

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.9

v1.4.8

v1.4.7

v1.4.6

v1.4.5

v1.4.4

v1.4.3

v1.4.2

Labels

Clear labels

has/backport

in progress

invalid

kind/breaking

kind/bug

kind/build

kind/dependency

kind/deployment

kind/docs

kind/enhancement

kind/feature

kind/lint

kind/proposal

kind/question

kind/refactor

kind/security

kind/testing

kind/translation

kind/ui

need/backport

priority/critical

priority/low

priority/maybe

priority/medium

reviewed/duplicate

reviewed/invalid

reviewed/wontfix

skip-changelog

status/blocked

status/needs-feedback

status/needs-reviews

status/wip

upstream/gitea

upstream/other

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: lunny/helm-chart#609

No description provided.