Fix protected routes requiring API key even if noAuth option is set

dherault · Oct 18, 2018 · f96faf1 · f96faf1
1 parent 018497d
commit f96faf1
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/index.js b/src/index.js
@@ -482,7 +482,7 @@ class Offline {
 
             // this.serverlessLog(protectedRoutes);
             // Check for APIKey
-            if (_.includes(protectedRoutes, `${routeMethod}#${fullPath}`) || _.includes(protectedRoutes, `ANY#${fullPath}`)) {
+            if ((_.includes(protectedRoutes, `${routeMethod}#${fullPath}`) || _.includes(protectedRoutes, `ANY#${fullPath}`)) && !this.options.noAuth) {
               const errorResponse = response => response({ message: 'Forbidden' }).code(403).type('application/json').header('x-amzn-ErrorType', 'ForbiddenException');
               if ('x-api-key' in request.headers) {
                 const requestToken = request.headers['x-api-key'];