Ref/auth cleanup #2055

Merged
lissy93 merged 8 commits into master from ref/auth-cleanip
Apr 8, 2026
@lissy93 lissy93 commented Apr 7, 2026

Category

Refactor, docs and small functionality change

Overview

  • When basic auth is used with both env and through the config, the env settings now take precedence
  • When basic auth is enabled, only allow calling of read-only endpoints by any non-admins
  • Simplifies/updates the authentication and management docs
  • Updates references in the security and privacy docs
  • Improved header auth compatibility, and added logout fix
  • Documented header auth usage

Issue Number

N/A

lissy93 added 3 commits April 7, 2026 12:59
Previously, if both env vars and appConfig.auth were configured, the
values in conf.yml would take priority. This has now been reversed, since environmental values are more secure. Now BASIC_AUTH_USERNAME, BASIC_AUTH_PASSWORD will take precedence.

Also, added a warning which will show if user attempts to use both
methods (since they will conflict), advising them to delete one.

When basic auth is enabled, all internal endpoints require HTTP basic
auth headers to be sent. Once the user has authenticated via the UI,
these will be attached automatically. If ENABLE_HTTP_AUTH env var is
unset, then the auth config is basically just a login page rather than
an access control system.
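
The precedence rule, the conflict warning and the header check described in the commit messages above, as an added example that is not Dashy's code or part of this pull request. The function names, the single-user `appConfig.auth` shape and the returned status codes are assumptions made for illustration.

```javascript
// Added example: helper names and the appConfig.auth shape are assumptions.

// Pick the credential source: env vars win over conf.yml when both are set.
function resolveBasicAuth(env, appConfig) {
  const fromEnv = env.BASIC_AUTH_USERNAME && env.BASIC_AUTH_PASSWORD
    ? { username: env.BASIC_AUTH_USERNAME, password: env.BASIC_AUTH_PASSWORD }
    : null;
  const conf = appConfig && appConfig.auth;
  const fromConf = conf && conf.username && conf.password
    ? { username: conf.username, password: conf.password }
    : null;
  const warnings = [];
  if (fromEnv && fromConf) {
    warnings.push('Basic auth is set in both env vars and conf.yml; '
      + 'env vars are used. Remove one of the two.');
  }
  const source = fromEnv ? 'env' : (fromConf ? 'config' : 'none');
  return { source, creds: fromEnv || fromConf, warnings };
}

// Compare without an early exit, so timing does not reveal where values differ.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i += 1) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// Return the HTTP status an internal endpoint would answer with.
function checkAuthHeader(header, resolved) {
  if (!resolved.creds) return 200; // no basic auth configured (assumed behaviour)
  const m = /^Basic ([A-Za-z0-9+/]+=*)$/.exec(header || '');
  if (!m) return 401;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // split on the first ':'; password may contain ':'
  if (sep < 0) return 401;
  const userOk = safeEqual(decoded.slice(0, sep), resolved.creds.username);
  const passOk = safeEqual(decoded.slice(sep + 1), resolved.creds.password);
  return userOk && passOk ? 200 : 401; // both fields compared before deciding
}
```
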
netlify Bot commented Apr 7, 2026

Deploy Preview for dashy-dev ready!

Name Link
🔨 Latest commit 9d597b3
🔍 Latest deploy log https://app.netlify.com/projects/dashy-dev/deploys/69d60e11c8571a000794a46e
😎 Deploy Preview https://deploy-preview-2055--dashy-dev.netlify.app

@lissy93 lissy93 merged commit de34048 into master Apr 8, 2026
9 checks passed
@lissy93 lissy93 deleted the ref/auth-cleanip branch April 8, 2026 08:19