From 539cb877b4be7fab52cf5e90ef799bc2d90b3454 Mon Sep 17 00:00:00 2001 From: claude Date: Mon, 1 Jun 2026 17:50:48 +0000 Subject: [PATCH] Deploy: allow public (anonymous) access so share links work without login MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The web service installs a site-wide login gate (router.mjs: webRouter.all('*', requireGlobalLogin)) whenever Settings.allowPublicAccess is false — which it was, since OVERLEAF_ALLOW_PUBLIC_ACCESS wasn't set. That gate bounced every anonymous request to /login, breaking both Overleaf's own link-sharing and the public presentation links (the dynamic token routes can't be in the exact-match global whitelist, so there's no per-path exemption — allowPublicAccess is the intended knob). Set OVERLEAF_ALLOW_PUBLIC_ACCESS=true on the verso Deployment. Per-project and per-route authorization still applies, and private presentation links still require a login (enforced in the serve handler), so only genuinely public content is reachable anonymously. Co-Authored-By: Claude Opus 4.8 --- .gitea/workflows/deploy-verso.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.gitea/workflows/deploy-verso.yml b/.gitea/workflows/deploy-verso.yml index f19771c964..c050610847 100644 --- a/.gitea/workflows/deploy-verso.yml +++ b/.gitea/workflows/deploy-verso.yml @@ -276,6 +276,12 @@ jobs: value: Verso - name: OVERLEAF_SITE_URL value: https://test.alocoq.fr + # Allow anonymous visitors to reach the site so link + # sharing and public presentation links work without a + # login. Per-project and per-route access checks still + # apply; private presentation links still require login. + - name: OVERLEAF_ALLOW_PUBLIC_ACCESS + value: "true" --- apiVersion: v1 kind: Service