From 63611ae3d901f3f04946ba2bbb3fe89e7a8e7bfa Mon Sep 17 00:00:00 2001
From: Tagada <36127788+Tagadda@users.noreply.github.com>
Date: Tue, 11 Jan 2022 18:39:52 +0100
Subject: [PATCH] Don't allow /api when the app is not public

---
 scripts/install | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/scripts/install b/scripts/install
index 292ca96..82eeebf 100644
--- a/scripts/install
+++ b/scripts/install
@@ -267,10 +267,9 @@ then
 	# Everyone can access the app.
 	# The "main" permission is automatically created before the install script.
 	ynh_permission_update --permission="main" --add="visitors"
+	ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
 fi
 
-ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
-
 #=================================================
 # RELOAD NGINX
 #=================================================