From 99d19cd3dbfd5bfe44dd0b87491d8a88cd6607f9 Mon Sep 17 00:00:00 2001 From: QuantumGhost Date: Fri, 23 Jan 2026 16:03:12 +0800 Subject: [PATCH] docs(api): clarity SystemFeatureApi for webapp is unauthenticated by design (#31432) The `/api/system-features` is required for the web app initialization. Authentication would create circular dependency (can't authenticate without web app loading). Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- api/controllers/web/feature.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/api/controllers/web/feature.py b/api/controllers/web/feature.py index cce3dae95d..2540bf02f4 100644 --- a/api/controllers/web/feature.py +++ b/api/controllers/web/feature.py @@ -17,5 +17,15 @@ class SystemFeatureApi(Resource): Returns: dict: System feature configuration object + + This endpoint is akin to the `SystemFeatureApi` endpoint in api/controllers/console/feature.py, + except it is intended for use by the web app, instead of the console dashboard. + + NOTE: This endpoint is unauthenticated by design, as it provides system features + data required for webapp initialization. + + Authentication would create circular dependency (can't authenticate without webapp loading). + + Only non-sensitive configuration data should be returned by this endpoint. """ return FeatureService.get_system_features().model_dump()