• epriestley's avatar
    Allow public users to make intracluster API requests · 99be132e
    epriestley authored
    Summary:
    Ref T10784. On `secure`, logged-out users currently can't browse repositories when cluster/service mode is enabled because they aren't permitted to make intracluster requests.
    
    We don't allow totally public external requests (they're hard to rate limit and users might write bots that polled `feed.query` or whatever which we'd have no way to easily disable) but it's fine to allow intracluster public requests.
    
    Test Plan: Browsed a clustered repository while logged out locally.
    
    Reviewers: chad
    
    Reviewed By: chad
    
    Maniphest Tasks: T10784
    
    Differential Revision: https://secure.phabricator.com/D15695
    99be132e
PhabricatorConduitAPIController.php 20.3 KB