diff --git a/src/main/kotlin/mdnet/server/ImageServer.kt b/src/main/kotlin/mdnet/server/ImageServer.kt
index 8aac83c..9fe6c36 100644
--- a/src/main/kotlin/mdnet/server/ImageServer.kt
+++ b/src/main/kotlin/mdnet/server/ImageServer.kt
@@ -108,8 +108,13 @@ fun getServer(
 val verifier = TokenVerifier(
 tokenKey = remoteSettings.tokenKey,
+ isDisabled = devSettings.disableTokenValidation,
 )
+ if (devSettings.disableTokenValidation) {
+ LOGGER.warn { "Token validation has been explicitly disabled. This should only be used for testing!" }
+ }
+
 return timeRequest()
 .then(addCommonHeaders(devSettings.sendServerHeader))
 .then(catchAllHideDetails())
diff --git a/src/main/kotlin/mdnet/server/TokenVerifier.kt b/src/main/kotlin/mdnet/server/TokenVerifier.kt
index 0083faf..2f411eb 100644
--- a/src/main/kotlin/mdnet/server/TokenVerifier.kt
+++ b/src/main/kotlin/mdnet/server/TokenVerifier.kt
@@ -37,11 +37,16 @@ import org.slf4j.LoggerFactory
 import java.time.OffsetDateTime
 import java.util.Base64
-class TokenVerifier(tokenKey: ByteArray) : Filter {
+class TokenVerifier(tokenKey: ByteArray, isDisabled: Boolean) : Filter {
 private val box = TweetNaclFast.SecretBox(tokenKey)
+ private val isDisabled = isDisabled
 override fun invoke(next: HttpHandler): HttpHandler {
 return then@{
+ if (isDisabled) {
+ return@then next(it)
+ }
+
 val chapterHash = Path.of("chapterHash")(it)
 val cleanedUri = it.uri.path.replaceBefore("/data", "/{token}")
diff --git a/src/main/kotlin/mdnet/settings/ClientSettings.kt b/src/main/kotlin/mdnet/settings/ClientSettings.kt
index 3c37773..34d162e 100644
--- a/src/main/kotlin/mdnet/settings/ClientSettings.kt
+++ b/src/main/kotlin/mdnet/settings/ClientSettings.kt
@@ -51,6 +51,7 @@ data class DevSettings(
 val devUrl: String? = null,
 val disableSniCheck: Boolean = false,
 val sendServerHeader: Boolean = false,
+ val disableTokenValidation: Boolean = false,
 )
 @JsonNaming(PropertyNamingStrategies.SnakeCaseStrategy::class)
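Review bot: In `ImageServer.kt`, `devSettings.disableTokenValidation` is honoured unconditionally, and the only trace is a single `LOGGER.warn` emitted when `getServer` assembles the handler chain. A client left running with the flag set serves requests with no token check and no further indication in its logs. The message should state the consequence rather than the intent, for example `LOGGER.warn { "Token validation is DISABLED: requests are served without verifying their token. Testing only!" }`. A comment above the `if` should also say the flag must not be set on a client that serves real traffic. `getServer` begins and continues outside this hunk.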
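Review bot: In `TokenVerifier.kt`, the new `isDisabled` constructor parameter has no default, so whether the filter authenticates is decided by a bare positional Boolean at every call site. The `if (isDisabled)` branch then hands the request to `next` before any of the checks that follow in `invoke`. Declaring it as `class TokenVerifier(tokenKey: ByteArray, private val isDisabled: Boolean = false) : Filter {` keeps validation on unless a caller opts out by name, and makes the separate `private val isDisabled = isDisabled` line unnecessary. A short KDoc on the class should say that `isDisabled = true` skips every check and is for testing only. The body of `invoke` continues outside this hunk.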
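Review bot: In `ClientSettings.kt`, `disableTokenValidation` is added to `DevSettings` without a comment saying what it turns off, so it reads like the cosmetic `sendServerHeader` flag next to it. I would add `// Testing only: when true, TokenVerifier forwards every request without checking its token.` above the field. The default of `false` is the right one. The `DevSettings` parameter list begins outside this hunk.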
diff --git a/src/test/kotlin/mdnet/server/TokenVerifierTest.kt b/src/test/kotlin/mdnet/server/TokenVerifierTest.kt
index 8c81ec6..f80942a 100644
--- a/src/test/kotlin/mdnet/server/TokenVerifierTest.kt
+++ b/src/test/kotlin/mdnet/server/TokenVerifierTest.kt
@@ -31,7 +31,7 @@ class TokenVerifierTest : FreeSpec() {
 val clientKeys = TweetNaclFast.Box.keyPair()
 val box = TweetNaclFast.Box(clientKeys.publicKey, remoteKeys.secretKey)
- val backend = TokenVerifier(box.before()).then {
+ val backend = TokenVerifier(box.before(), false).then {
 Response(Status.OK)
 }
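Review bot: No test covers the new bypass, and the positional `false` in `TokenVerifier(box.before(), false)` does not say what it controls. Writing the call as `TokenVerifier(box.before(), isDisabled = false)` makes the intent visible at the call site. A second case that builds the filter with `isDisabled = true` and asserts that a request without a valid token reaches the handler would pin both sides of the switch. The spec body continues outside this hunk.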