From 8204d961def107bd0a8838662291eebe53b23406 Mon Sep 17 00:00:00 2001 From: qdequele Date: Tue, 10 Mar 2020 15:40:44 +0100 Subject: [PATCH] allow api key in header when no master-key is set; fix #515 --- meilisearch-http/src/helpers/tide.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meilisearch-http/src/helpers/tide.rs b/meilisearch-http/src/helpers/tide.rs index 33a6028b1..f474372f0 100644 --- a/meilisearch-http/src/helpers/tide.rs +++ b/meilisearch-http/src/helpers/tide.rs @@ -20,6 +20,10 @@ impl RequestExt for Request { fn is_allowed(&self, acl: ACL) -> SResult<()> { let user_api_key = self.header("X-Meili-API-Key"); + if self.state().api_keys.master.is_none() { + return Ok(()) + } + match acl { ACL::Admin => { if user_api_key == self.state().api_keys.master.as_deref() {