From 4b558b53973158d8e13e70fbf681f4fc5234d6c0 Mon Sep 17 00:00:00 2001 From: Artem Medvedev Date: Sun, 10 Dec 2023 18:04:38 +0100 Subject: [PATCH] doc(readme): explain behavior of unset `auth_tokens` & `delete_tokens` Just a clarification on how this works in the case of uninstalled tokens, for greater clarity and security --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 2453f97f..fbc5e21e 100644 --- a/README.md +++ b/README.md @@ -252,6 +252,8 @@ Set `delete_tokens` array in [config.toml](./config.toml) to activate the [`DELE $ curl -H "Authorization: " -X DELETE "/file.txt" ``` +> The `DELETE` endpoint will not be exposed and will return `404` error if `delete_tokens` are not set. + ### Server To start the server: @@ -275,6 +277,11 @@ $ rustypaste You can also set multiple auth tokens via the array field `[server].auth_tokens` in your `config.toml`. +> If neither `AUTH_TOKEN` nor `[server].auth_tokens` are set, the server will not require any authentication. +> +> Exception is the `DELETE` endpoint, which requires at least one token to be set. See [Delete file from server](#delete-file-from-server) for more information. + + See [config.toml](./config.toml) for configuration options. #### List endpoint