app: don't require authorization to retreive static files

Generally speaking static files do not require authorization, so there should be little harm in bypassing auth checks.  This allows clients to retrieve assets without XHRs or requesting tokens.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
This commit is contained in:
Arksine 2021-05-17 17:52:47 -04:00
parent 9fe6ef82a5
commit 5f9b0e9b86
1 changed files with 1 additions and 1 deletions

View File

@ -331,7 +331,7 @@ class AuthorizedFileHandler(tornado.web.StaticFileHandler):
def prepare(self):
auth = self.server.lookup_component('authorization', None)
if auth is not None:
if auth is not None and self.request.method != "GET":
self.current_user = auth.check_authorized(self.request)
def options(self, *args, **kwargs):