From 5f9b0e9b86803e53a84b97d12020324dc2d5c492 Mon Sep 17 00:00:00 2001
From: Arksine <arksine.code@gmail.com>
Date: Mon, 17 May 2021 17:52:47 -0400
Subject: [PATCH] app: don't require authorization to retreive static files

Generally speaking static files do not require authorization, so there should be little harm in bypassing auth checks.  This allows clients to retrieve assets without XHRs or requesting tokens.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
---
 moonraker/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/moonraker/app.py b/moonraker/app.py
index d910f8a..17e7698 100644
--- a/moonraker/app.py
+++ b/moonraker/app.py
@@ -331,7 +331,7 @@ class AuthorizedFileHandler(tornado.web.StaticFileHandler):
 
     def prepare(self):
         auth = self.server.lookup_component('authorization', None)
-        if auth is not None:
+        if auth is not None and self.request.method != "GET":
             self.current_user = auth.check_authorized(self.request)
 
     def options(self, *args, **kwargs):