From b754e28190dfd8a23bf819fd4333d3cba1983a59 Mon Sep 17 00:00:00 2001
From: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Date: Tue, 22 Apr 2025 14:11:21 +0200
Subject: [PATCH] Change devise to not use HTTP Basic Authentication (#34501)

---
 config/initializers/devise.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 5c88c4cd5f..a277ee3059 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -158,13 +158,15 @@ Devise.setup do |config|
   # given strategies, for example, `config.params_authenticatable = [:database]` will
   # enable it only for database (email + password) authentication.
   # config.params_authenticatable = true
+  config.params_authenticatable = true
 
   # Tell if authentication through HTTP Auth is enabled. False by default.
   # It can be set to an array that will enable http authentication only for the
   # given strategies, for example, `config.http_authenticatable = [:database]` will
   # enable it only for database authentication. The supported strategies are:
   # :database      = Support basic authentication with authentication key + password
-  config.http_authenticatable = [:pam, :database]
+  # config.http_authenticatable = [:pam, :database]
+  config.http_authenticatable = false
 
   # If 401 status code should be returned for AJAX requests. True by default.
   # config.http_authenticatable_on_xhr = true