26 Aug 2020, 01:22
Right. I did clean up the code recently for this also, but I can't remember that it worked without username. If it did, it was not by design. Http auth (used by the protect mechanism) requires username + password, so it seems pointless to try to exclude username. Also, if you create "users" (from the users tab), it would definitely be required as the username is the key to folder access.
It could be you could login with empty username earlier, but unless this is very important (for some reason), I won't be targeting this as a fix.