Prevents normal website access by restricting all routes by default

The patch in #7 worked great for me. Prior to application, my rest endpoints worked, but I couldn't upload anything into my media library.

Please reroll patches to apply to 2.0.x if needed, since that's the current branch.

As soon as I installed, enabled, and configured this module with an empty whitelist, I was unable to access my site at all, despite no routes using this auth method.

The patch fixes this by making the authentication check only apply if the route is set to use this auth method.

I am copying the changes from this issue to the merge request in 📌 Apply changes to apply security advisory Needs review , since there are going to be merge conflicts between the two issues. Please review the changes in the MR over there, instead of here.

This change shouldn't be needed. See AuthenticationManager::defaultFilter. It already checks the _auth on the route...