revert: "security/fix-swagger-info-leak-m02" (#29721)

2026-01-19 11:45:05 +08:00 · 2025-12-16 14:19:33 +08:00
parent 4553e4c12f
commit a915b8a584
4 changed files with 8 additions and 61 deletions
--- a/api/extensions/ext_login.py
+++ b/api/extensions/ext_login.py
@ -22,8 +22,8 @@ login_manager = flask_login.LoginManager()
@login_manager.request_loader
 def load_user_from_request(request_from_flask_login):
    """Load user based on the request."""
-    # Skip authentication for documentation endpoints (only when Swagger is enabled)
-    if dify_config.swagger_ui_enabled and request.path.endswith((dify_config.SWAGGER_UI_PATH, "/swagger.json")):
+    # Skip authentication for documentation endpoints
+    if dify_config.SWAGGER_UI_ENABLED and request.path.endswith((dify_config.SWAGGER_UI_PATH, "/swagger.json")):
        return None

    auth_token = extract_access_token(request)