diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2026-01-14 23:10:29 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2026-01-14 23:10:29 +0100 |
| commit | 09aa9adb316e7309d2fc954eba839dffe63c8ee5 (patch) | |
| tree | 141e6534bd957e771e703f703069e8f7f57a8aed /app/Controllers/indexController.php | |
| parent | 7573fee4f0949cce53af376a97837c32e50a5568 (diff) | |
Fix RSS and OPML access by token (#8434)
Regression from https://github.com/FreshRSS/FreshRSS/pull/8165
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/8371
Diffstat (limited to 'app/Controllers/indexController.php')
| -rw-r--r-- | app/Controllers/indexController.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index 7ce5f5436..17975fa86 100644 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php @@ -232,14 +232,14 @@ class FreshRSS_index_Controller extends FreshRSS_ActionController { /** * This action displays the RSS feed of FreshRSS. + * @deprecated See user query RSS sharing instead */ - #[Deprecated('See user query RSS sharing instead')] public function rssAction(): void { $allow_anonymous = FreshRSS_Context::systemConf()->allow_anonymous; // Check if user has access. - if (!FreshRSS_Auth::hasAccess() && !$allow_anonymous) { - Minz_Error::error(403); + if (!FreshRSS_Auth::hasAccess() && !$allow_anonymous && !Minz_Request::tokenIsOk()) { + Minz_Error::error(403, redirect: false); } try { @@ -271,8 +271,8 @@ class FreshRSS_index_Controller extends FreshRSS_ActionController { $allow_anonymous = FreshRSS_Context::systemConf()->allow_anonymous; // Check if user has access. - if (!FreshRSS_Auth::hasAccess() && !$allow_anonymous) { - Minz_Error::error(403); + if (!FreshRSS_Auth::hasAccess() && !$allow_anonymous && !Minz_Request::tokenIsOk()) { + Minz_Error::error(403, redirect: false); } try { |