From 3a683751b8d62ab78f293fc0012915da6837f600 Mon Sep 17 00:00:00 2001
From: John Mizerek <mizerek@gmail.com>
Date: Mon, 26 Jan 2026 12:41:26 -0800
Subject: [PATCH] Allow public access to /api/dev/ endpoints

Dev endpoints have their own isDevEnvironment check inside.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 api/Application.cfm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/api/Application.cfm b/api/Application.cfm
index 3756cac..1a7dd99 100644
--- a/api/Application.cfm
+++ b/api/Application.cfm
@@ -130,6 +130,7 @@ if (len(request._api_path)) {
   if (findNoCase("/api/addresses/setDefault.cfm", request._api_path)) request._api_isPublic = true;
   if (findNoCase("/api/debug/", request._api_path)) request._api_isPublic = true;
   if (findNoCase("/api/admin/", request._api_path)) request._api_isPublic = true;
+  if (findNoCase("/api/dev/", request._api_path)) request._api_isPublic = true;
   if (findNoCase("/api/orders/getOrCreateCart.cfm", request._api_path)) request._api_isPublic = true;
   if (findNoCase("/api/orders/getCart.cfm", request._api_path)) request._api_isPublic = true;
   if (findNoCase("/api/orders/setLineItem.cfm", request._api_path)) request._api_isPublic = true;