app: don't require authorization to retreive static files
Generally speaking static files do not require authorization, so there should be little harm in bypassing auth checks. This allows clients to retrieve assets without XHRs or requesting tokens. Signed-off-by: Eric Callahan <arksine.code@gmail.com>
This commit is contained in:
parent
9fe6ef82a5
commit
5f9b0e9b86
|
@ -331,7 +331,7 @@ class AuthorizedFileHandler(tornado.web.StaticFileHandler):
|
|||
|
||||
def prepare(self):
|
||||
auth = self.server.lookup_component('authorization', None)
|
||||
if auth is not None:
|
||||
if auth is not None and self.request.method != "GET":
|
||||
self.current_user = auth.check_authorized(self.request)
|
||||
|
||||
def options(self, *args, **kwargs):
|
||||
|
|
Loading…
Reference in New Issue