app: don't require authorization to retreive static files

Generally speaking static files do not require authorization, so there should be little harm in bypassing auth checks. This allows clients to retrieve assets without XHRs or requesting tokens. Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-05-17 17:52:47 -04:00 · 2021-05-17 17:52:47 -04:00 · 5f9b0e9b86
parent 9fe6ef82a5
commit 5f9b0e9b86
1 changed files with 1 additions and 1 deletions
--- a/moonraker/app.py
+++ b/moonraker/app.py
@ -331,7 +331,7 @@ class AuthorizedFileHandler(tornado.web.StaticFileHandler):

    def prepare(self):
        auth = self.server.lookup_component('authorization', None)
-        if auth is not None:
+        if auth is not None and self.request.method != "GET":
            self.current_user = auth.check_authorized(self.request)

    def options(self, *args, **kwargs):