From 10e50cf5e4d452394aff3825c07927bd34652972 Mon Sep 17 00:00:00 2001
From: Oliver Walters <oliver.henry.walters@gmail.com>
Date: Sat, 13 Feb 2021 12:19:10 +1100
Subject: [PATCH] Allow access to static files without being logged in

---
 InvenTree/InvenTree/middleware.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/InvenTree/InvenTree/middleware.py b/InvenTree/InvenTree/middleware.py
index 37b9a27c63..2f1cf3a157 100644
--- a/InvenTree/InvenTree/middleware.py
+++ b/InvenTree/InvenTree/middleware.py
@@ -47,7 +47,12 @@ class AuthRequiredMiddleware(object):
 
             authorized = False
 
-            if 'Authorization' in request.headers.keys():
+            # Allow static files to be accessed without auth
+            # Important for e.g. login page
+            if request.path_info.startswith('/static/'):
+                authorized = True
+
+            elif 'Authorization' in request.headers.keys():
                 auth = request.headers['Authorization'].strip()
 
                 if auth.startswith('Token') and len(auth.split()) == 2:
@@ -56,7 +61,7 @@ class AuthRequiredMiddleware(object):
                     # Does the provided token match a valid user?
                     if Token.objects.filter(key=token).exists():
 
-                        allowed = ['/api/', '/media/', '/static/']
+                        allowed = ['/api/', '/media/']
 
                         # Only allow token-auth for /media/ or /static/ dirs!
                         if any([request.path_info.startswith(a) for a in allowed]):