Bypass authorization if no credentials were given

jgarth · Jul 10, 2012 · 69c6ba2 · 69c6ba2
1 parent 4354924
commit 69c6ba2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/clearance_http_auth/middleware.rb b/lib/clearance_http_auth/middleware.rb
@@ -16,7 +16,7 @@ def initialize(app)
       # if the incoming request is targeting the API.
       #
       def call(env)
-        if targeting_api?(env)
+        if targeting_api?(env) and env['HTTP_AUTHORIZATION']
           @app = Rack::Auth::Basic.new(@app) do |username, password|
             env[:clearance].sign_in ::User.authenticate(username, password)
           end