diff --git a/src/main.py b/src/main.py
index d7f37fd..7bc2c80 100644
--- a/src/main.py
+++ b/src/main.py
@@ -66,9 +66,11 @@ async def lifespan(_app: FastAPI):
         yield
 
 
-async def has_account(req: Request, credentials: HTTPBasicCredentials = Depends(HTTPBasic())) -> db.Account:
+async def has_account(req: Request, credentials: HTTPBasicCredentials = Depends(HTTPBasic())) -> db.Account | None:
     account = await db.Account.get_or_none(username=credentials.username)
     if account is None:
+        if os.getenv("ALLOW_ANONYMOUS", "true") == "true":
+            return
         raise HTTPException(status_code=401, detail="Invalid credentials", headers={"WWW-Authenticate": "Basic"})
     ph = PasswordHasher()
     try: