Add config option which requires authentication in FreeURL mode

This mitigates unintended note creation by bots or humans through a simple GET call. See discussion in #754. Signed-off-by: Nicolas Dietrich <nidi@mailbox.org>
2021-01-22 16:47:47 +01:00
parent 3331c0947c
commit 497569fee4
5 changed files with 5 additions and 1 deletions
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -33,6 +33,7 @@ module.exports = {
  allowAnonymous: true,
  allowAnonymousEdits: false,
  allowFreeURL: false,
+  requireFreeURLAuthentication: false,
  forbiddenNoteIDs: ['robots.txt', 'favicon.ico', 'api', 'build', 'css', 'docs', 'fonts', 'js', 'uploads', 'vendor', 'views'],
  defaultPermission: 'editable',
  dbURL: '',