From b23a6af63e61c2a2e4c9bc9b7077b5687025889e Mon Sep 17 00:00:00 2001 From: Damien Elmes Date: Thu, 24 Apr 2025 18:32:55 +1000 Subject: [PATCH] Restore ability to check pages externally on other devices Broken by the recent security changes --- qt/aqt/mediasrv.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/qt/aqt/mediasrv.py b/qt/aqt/mediasrv.py index bdf9cdc0f..203f23ef9 100644 --- a/qt/aqt/mediasrv.py +++ b/qt/aqt/mediasrv.py @@ -768,7 +768,10 @@ _APIKEY = "".join(random.choices(string.ascii_letters + string.digits, k=32)) def _have_api_access() -> bool: - return request.headers.get("Authorization") == f"Bearer {_APIKEY}" + return ( + request.headers.get("Authorization") == f"Bearer {_APIKEY}" + or os.environ.get("ANKI_API_HOST") == "0.0.0.0" + ) # this currently only handles a single method; in the future, idempotent