rabbah opened a new issue #4985: URL: https://github.com/apache/openwhisk/issues/4985
The annotation value `require-whisk-auth: false` on a web action leads the controller to reject the web action invocation. 1. The openwhisk documentation does not say what should happen when the value is false. I don't know why this case is omitted case https://github.com/apache/openwhisk/blob/master/docs/webactions.md#securing-web-actions 2. The implementation treats this case as "not allowed, something is not right" see line 790 in this snippet https://github.com/apache/openwhisk/blob/d9e908cce62c2d6e9f34e0295c53736be496c195/core/controller/src/main/scala/org/apache/openwhisk/core/controller/WebActions.scala#L777-L790 The controller should handle the case of the annotation being set to boolean `false` as not requiring authentication rather than reject the call. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
