diff --git a/chrome/content/zotero/preferences/preferences_advanced.xhtml b/chrome/content/zotero/preferences/preferences_advanced.xhtml
index 897aeee171..d13b7a87e4 100644
--- a/chrome/content/zotero/preferences/preferences_advanced.xhtml
+++ b/chrome/content/zotero/preferences/preferences_advanced.xhtml
@@ -35,6 +35,8 @@
+
+
diff --git a/chrome/content/zotero/xpcom/localAPI/server_localAPI.js b/chrome/content/zotero/xpcom/localAPI/server_localAPI.js
index f9f5a09e13..2317f25d26 100644
--- a/chrome/content/zotero/xpcom/localAPI/server_localAPI.js
+++ b/chrome/content/zotero/xpcom/localAPI/server_localAPI.js
@@ -87,6 +87,10 @@ const exportFormats = new Map([
*/
class LocalAPIEndpoint {
async init(requestData) {
+ if (!Zotero.Prefs.get('httpServer.localAPI.enabled')) {
+ return this.makeResponse(403, 'text/plain', 'Local API is not enabled');
+ }
+
let apiVersion = parseInt(
requestData.headers['Zotero-API-Version']
|| requestData.searchParams.get('v')
diff --git a/chrome/locale/en-US/zotero/preferences.ftl b/chrome/locale/en-US/zotero/preferences.ftl
index 62ed26e900..7c42d0ebe6 100644
--- a/chrome/locale/en-US/zotero/preferences.ftl
+++ b/chrome/locale/en-US/zotero/preferences.ftl
@@ -56,6 +56,8 @@ preferences-styleManager-add-button =
.tooltiptext = Add a style from a file
.label = { $label }
+preferences-advanced-enable-local-api =
+ .label = Allow other applications on this computer to communicate with { -app-name }
preferences-advanced-language-and-region-title = Language and Region
preferences-advanced-enable-bidi-ui =
.label = Enable bidirectional text editing utilities
diff --git a/defaults/preferences/zotero.js b/defaults/preferences/zotero.js
index fda53113bc..4855dfb51d 100644
--- a/defaults/preferences/zotero.js
+++ b/defaults/preferences/zotero.js
@@ -144,6 +144,7 @@ pref("extensions.zotero.integration.dontPromptMendeleyImport", false);
// Connector settings
pref("extensions.zotero.httpServer.enabled", true);
pref("extensions.zotero.httpServer.port", 23119); // ascii "ZO"
+pref("extensions.zotero.httpServer.localAPI.enabled", false);
// Zeroconf
pref("extensions.zotero.zeroconf.server.enabled", false);
diff --git a/test/runtests.sh b/test/runtests.sh
index d83914a3ba..41ec881483 100755
--- a/test/runtests.sh
+++ b/test/runtests.sh
@@ -137,6 +137,7 @@ user_pref("extensions.zotero.firstRunGuidance", false);
user_pref("extensions.zotero.firstRun2", false);
user_pref("extensions.zotero.reportTranslationFailure", false);
user_pref("extensions.zotero.httpServer.enabled", true);
+user_pref("extensions.zotero.httpServer.localAPI.enabled", true);
user_pref("extensions.zotero.backup.numBackups", 0);
user_pref("extensions.zotero.sync.autoSync", false);
user_pref("extensions.zoteroMacWordIntegration.installed", true);