From f96faf11fde64080437f7caf99b0d2d4097aee9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ondrej=20Slint=C3=A1k?= <ondrowan@gmail.com>
Date: Thu, 18 Oct 2018 21:18:21 +0200
Subject: [PATCH] Fix protected routes requiring API key even if noAuth option
 is set

---
 src/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/index.js b/src/index.js
index f2f652ec3..ba73d1e33 100644
--- a/src/index.js
+++ b/src/index.js
@@ -482,7 +482,7 @@ class Offline {
 
             // this.serverlessLog(protectedRoutes);
             // Check for APIKey
-            if (_.includes(protectedRoutes, `${routeMethod}#${fullPath}`) || _.includes(protectedRoutes, `ANY#${fullPath}`)) {
+            if ((_.includes(protectedRoutes, `${routeMethod}#${fullPath}`) || _.includes(protectedRoutes, `ANY#${fullPath}`)) && !this.options.noAuth) {
               const errorResponse = response => response({ message: 'Forbidden' }).code(403).type('application/json').header('x-amzn-ErrorType', 'ForbiddenException');
               if ('x-api-key' in request.headers) {
                 const requestToken = request.headers['x-api-key'];