From f9e4134381b72d2826439478115fc7e853f84a71 Mon Sep 17 00:00:00 2001
From: Josh Hawkins <32435876+hawkeye217@users.noreply.github.com>
Date: Mon, 4 May 2026 07:41:27 -0500
Subject: [PATCH] return 404 from /api/login if auth is disabled

---
 frigate/api/auth.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/frigate/api/auth.py b/frigate/api/auth.py
index d1c968818..641131208 100644
--- a/frigate/api/auth.py
+++ b/frigate/api/auth.py
@@ -812,6 +812,11 @@ limiter = Limiter(key_func=get_remote_addr)
 )
 @limiter.limit(limit_value=rateLimiter.get_limit)
 def login(request: Request, body: AppPostLoginBody):
+    if not request.app.frigate_config.auth.enabled:
+        return JSONResponse(
+            content={"message": "Authentication is disabled"}, status_code=404
+        )
+
     JWT_COOKIE_NAME = request.app.frigate_config.auth.cookie_name
     JWT_COOKIE_SECURE = request.app.frigate_config.auth.cookie_secure
     JWT_SESSION_LENGTH = request.app.frigate_config.auth.session_length