diff --git a/modules/setting/security.go b/modules/setting/security.go index efe0d7eea..01e02ea5a 100644 --- a/modules/setting/security.go +++ b/modules/setting/security.go @@ -161,10 +161,13 @@ func loadSecurityFrom(rootCfg ConfigProvider) { } } + sectionHasDisableQueryAuthToken := sec.HasKey("DISABLE_QUERY_AUTH_TOKEN") + // TODO: default value should be true in future releases DisableQueryAuthToken = sec.Key("DISABLE_QUERY_AUTH_TOKEN").MustBool(false) - if !DisableQueryAuthToken { + // warn if the setting is set to false explicitly + if sectionHasDisableQueryAuthToken && !DisableQueryAuthToken { log.Warn("Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.") } }