[FEAT] Bypass password authentication for API calls

[helgehatt]

Is this a new feature request?

• I have searched the existing issues

Wanted change

I have a server running on https://3000.example.tld and a client running on https://4000.example.tld
When I navigate to https://3000.example.tld I am redirected to https://3000.example.tld/login with

Welcome to code-server
Please log in below. Password was set from $PASSWORD.

and after inputting password I can navigate to https://3000.example.tld/api/endpoint to get a valid JSON response.

However, when the client running on https://4000.example.tld tries to request a resource on the server, I simply get 401, because the client has obviously not "logged in" to the server. How is the correct way to solve this?

Reason for change

The code-server is exposed to the internet, so I can't simply remove the password authentication. However, the client and server have their own authentication mechanisms, so it wouldn't be necessary with password authentication on the proxy domains.

Proposed code change

No response

[github-actions]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.