From 8126ce8fa036b91c08b75754d7f423af70a284b3 Mon Sep 17 00:00:00 2001
From: Miranda Christ <mchrist@google.com>
Date: Mon, 12 Aug 2019 16:52:58 -0700
Subject: [PATCH] Loosen cookie-secret requirement

---
 prow/cmd/deck/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/prow/cmd/deck/main.go b/prow/cmd/deck/main.go
index 95e17c32123f..230cd5c4241d 100644
--- a/prow/cmd/deck/main.go
+++ b/prow/cmd/deck/main.go
@@ -366,7 +366,7 @@ func main() {
 
 	// if we allow direct reruns, we must protect against CSRF in all post requests using the cookie secret as a token
 	// for more information about CSRF, see https://github.com/kubernetes/test-infra/blob/master/prow/cmd/deck/csrf.md
-	if o.rerunCreatesJob && csrfToken == nil {
+	if o.rerunCreatesJob && csrfToken == nil && !cfg().Deck.RerunAuthConfig.AllowAnyone {
 		logrus.Fatal("Rerun creates job cannot be enabled without CSRF protection, which requires --cookie-secret to be exactly 32 bytes")
 		return
 	}