diff --git a/peach-web/src/routes/authentication.rs b/peach-web/src/routes/authentication.rs
index 035bde5..7073a0c 100644
--- a/peach-web/src/routes/authentication.rs
+++ b/peach-web/src/routes/authentication.rs
@@ -1,3 +1,5 @@
+use std::env;
+
 use log::info;
 use rocket::form::{Form, FromForm};
 use rocket::request::FlashMessage;
@@ -42,14 +44,22 @@ impl<'r> FromRequest<'r> for Authenticated {
     type Error = LoginError;
 
     async fn from_request(req: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
-        let authenticated = req
-            .cookies()
-            .get_private(AUTH_COOKIE_KEY)
-            .and_then(|cookie| cookie.value().parse().ok())
-            .map(|_value: String| Authenticated {});
-        match authenticated {
-            Some(auth) => request::Outcome::Success(auth),
-            None => request::Outcome::Failure((Status::Forbidden, LoginError::UserNotLoggedIn)),
+        // check for disable auth env var; set to false if unset
+        let authentication_is_disabled =
+            env::var("DISABLE_ROCKET_AUTH").unwrap_or_else(|_| "false".to_string());
+        if authentication_is_disabled == "true" {
+            let auth = Authenticated {};
+            request::Outcome::Success(auth)
+        } else {
+            let authenticated = req
+                .cookies()
+                .get_private(AUTH_COOKIE_KEY)
+                .and_then(|cookie| cookie.value().parse().ok())
+                .map(|_value: String| Authenticated {});
+            match authenticated {
+                Some(auth) => request::Outcome::Success(auth),
+                None => request::Outcome::Failure((Status::Forbidden, LoginError::UserNotLoggedIn)),
+            }
         }
     }
 }