Mathias Bergqvist 9d08352324 feat(auth): fall back to GITEA_MCP_DEFAULT_TOKEN when no Bearer header ...

claude.ai connectors call the server with no Authorization header (confirmed
via request logging). Add a configurable default Gitea PAT so unauthenticated
clients (like claude.ai) can still reach the server.

Claude Code continues to pass per-request PATs; defaultToken="" preserves
the existing strict behaviour when the env var is unset.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-09 22:22:04 +02:00

3.4 KiB

Raw Blame History

View Raw