From 2f4d7eae05b21ea0ed2bce3cb268137a8a0d40dd Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Thu, 12 Mar 2026 10:15:58 -1000 Subject: [PATCH] Update esphome/components/web_server_base/web_server_base.h Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- esphome/components/web_server_base/web_server_base.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/esphome/components/web_server_base/web_server_base.h b/esphome/components/web_server_base/web_server_base.h index 50e4d09249..48e13ad71e 100644 --- a/esphome/components/web_server_base/web_server_base.h +++ b/esphome/components/web_server_base/web_server_base.h @@ -122,6 +122,13 @@ class WebServerBase { #endif void add_handler(AsyncWebHandler *handler); + /** + * WARNING: Registers a handler that bypasses the USE_WEBSERVER_AUTH middleware. + * + * This should only be used for endpoints that are intentionally unauthenticated + * (for example, captive portal or very limited-status endpoints). For normal + * endpoints that should respect web server authentication, use add_handler(). + */ void add_handler_without_auth(AsyncWebHandler *handler); void set_port(uint16_t port) { port_ = port; }