From 09aa9adb316e7309d2fc954eba839dffe63c8ee5 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Wed, 14 Jan 2026 23:10:29 +0100
Subject: Fix RSS and OPML access by token (#8434)

Regression from https://github.com/FreshRSS/FreshRSS/pull/8165
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/8371
---
 app/Controllers/indexController.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'app/Controllers')

diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php
index 7ce5f5436..17975fa86 100644
--- a/app/Controllers/indexController.php
+++ b/app/Controllers/indexController.php
@@ -232,14 +232,14 @@ class FreshRSS_index_Controller extends FreshRSS_ActionController {
 
 	/**
 	 * This action displays the RSS feed of FreshRSS.
+	 * @deprecated See user query RSS sharing instead
 	 */
-	#[Deprecated('See user query RSS sharing instead')]
 	public function rssAction(): void {
 		$allow_anonymous = FreshRSS_Context::systemConf()->allow_anonymous;
 
 		// Check if user has access.
-		if (!FreshRSS_Auth::hasAccess() && !$allow_anonymous) {
-			Minz_Error::error(403);
+		if (!FreshRSS_Auth::hasAccess() && !$allow_anonymous && !Minz_Request::tokenIsOk()) {
+			Minz_Error::error(403, redirect: false);
 		}
 
 		try {
@@ -271,8 +271,8 @@ class FreshRSS_index_Controller extends FreshRSS_ActionController {
 		$allow_anonymous = FreshRSS_Context::systemConf()->allow_anonymous;
 
 		// Check if user has access.
-		if (!FreshRSS_Auth::hasAccess() && !$allow_anonymous) {
-			Minz_Error::error(403);
+		if (!FreshRSS_Auth::hasAccess() && !$allow_anonymous && !Minz_Request::tokenIsOk()) {
+			Minz_Error::error(403, redirect: false);
 		}
 
 		try {
-- 
cgit v1.2.3