Do not deliver API key on settings API unless user has admin rights.

2014-11-14 18:24:57 +01:00 · 2014-11-14 18:24:57 +01:00 · 048ad78778
commit 048ad78778
parent e9beffc799
1 changed files with 1 additions and 1 deletions
--- a/src/octoprint/server/api/settings.py
+++ b/src/octoprint/server/api/settings.py
@ -34,7 +34,7 @@ def getSettings():
 	data = {
 		"api": {
 			"enabled": s.getBoolean(["api", "enabled"]),
-			"key": s.get(["api", "key"]),
+			"key": s.get(["api", "key"]) if admin_permission.can() else "n/a",
 			"allowCrossOrigin": s.get(["api", "allowCrossOrigin"])
 		},
 		"appearance": {