diff --git a/conf/webwork2.mojolicious.dist.yml b/conf/webwork2.mojolicious.dist.yml
index cb4397297e..106f36b57b 100644
--- a/conf/webwork2.mojolicious.dist.yml
+++ b/conf/webwork2.mojolicious.dist.yml
@@ -239,3 +239,10 @@ debug:
 hardcopy:
   # If 1, don't delete temporary files created when a hardcopy is generated.
   preserve_temp_files: 0
+
+# Set this to 1 to allow the html2xml and render_rpc endpoints to disable
+# cookies and thus skip two factor authentication. This should never be enabled
+# for a typical webwork server. This should only be enabled if you want to
+# allow serving content via these endpoints to links in external websites with
+# usernames and passwords embedded in them such as for PreTeXt textbooks.
+allow_unsecured_rpc: 0
diff --git a/lib/WeBWorK.pm b/lib/WeBWorK.pm
index 7b6c28413a..c9c8480880 100644
--- a/lib/WeBWorK.pm
+++ b/lib/WeBWorK.pm
@@ -91,12 +91,13 @@ async sub dispatch ($c) {
 	if ($c->current_route =~ /^(render_rpc|instructor_rpc|html2xml)$/) {
 		$c->{rpc} = 1;
-		$c->stash(disable_cookies => 1) if $c->current_route eq 'render_rpc' && $c->param('disableCookies');
+		$c->stash(disable_cookies => 1)
+			if $c->current_route eq 'render_rpc' && $c->param('disableCookies') && $c->config('allow_unsecured_rpc');
 
 		# This provides compatibility for legacy html2xml parameters.
 		# This should be deleted when the html2xml endpoint is removed.
 		if ($c->current_route eq 'html2xml') {
-			$c->stash(disable_cookies => 1);
+			$c->stash(disable_cookies => 1) if $c->config('allow_unsecured_rpc');
 
 			for ([ 'userID', 'user' ], [ 'course_password', 'passwd' ], [ 'session_key', 'key' ]) {
 				$c->param($_->[1], $c->param($_->[0])) if defined $c->param($_->[0]) && !defined $c->param($_->[1]);
 			}
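Review bot: The new comment block above `allow_unsecured_rpc: 0` says when the flag may be turned on but not what happens when the key is missing altogether, which is the state of every deployed webwork2.mojolicious.yml that predates this change; since the dispatcher tests the value for truth, an absent key behaves as 0, and one sentence saying so (`# If this key is absent it is treated as 0.`) would save operators a guess. It would also help to make the trade-off explicit in the same comment: the usernames and passwords it mentions are carried in the URL, so they will show up wherever URLs are recorded (server access logs, browser history, referer headers), which is the concrete reason a typical server should leave this at 0.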
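Review bot: A render_rpc request that sends `disableCookies` while `allow_unsecured_rpc` is off now silently falls through to the cookie-based (two factor) path with no trace that the parameter was requested and refused, so a client that still relies on the old behaviour is hard to diagnose from the server side; consider logging the refusal next to the first `+` line, e.g. `$c->app->log->warn('disableCookies requested but allow_unsecured_rpc is not enabled') if $c->param('disableCookies') && !$c->config('allow_unsecured_rpc');`. The same config lookup is now repeated in the render_rpc condition and in the html2xml branch; hoisting it once after `$c->{rpc} = 1;` as `my $allow_unsecured_rpc = $c->config('allow_unsecured_rpc');` keeps the two conditions from drifting apart. The enclosing `dispatch` sub begins and ends outside the hunk.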