function isLoginAction($action)
{
- static $loginActions = array('login', 'recoverpassword', 'api', 'doc', 'register');
+ static $loginActions = array('login', 'recoverpassword', 'api', 'doc', 'register', 'publicxrds');
$login = null;
if (!$user && common_config('site', 'private')
&& !isLoginAction($action)
&& !preg_match('/rss$/', $action)
+ && !preg_match('/^Api/', $action)
) {
common_redirect(common_local_url('login'));
return;