Mirrored_Repos/InvenTree
1
0
Fork 0
mirror of https://github.com/inventree/InvenTree synced 2024-08-30 18:33:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow access to static files without being logged in

Browse Source
This commit is contained in:
Oliver Walters 2021-02-13 12:19:10 +11:00
parent 998620b5f3
commit 10e50cf5e4
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
InvenTree/InvenTree/middleware.py
View File

@ -47,7 +47,12 @@ class AuthRequiredMiddleware(object):
authorized = False authorized = False
if 'Authorization' in request.headers.keys(): # Allow static files to be accessed without auth
# Important for e.g. login page
if request.path_info.startswith('/static/'):
authorized = True
elif 'Authorization' in request.headers.keys():
auth = request.headers['Authorization'].strip() auth = request.headers['Authorization'].strip()
if auth.startswith('Token') and len(auth.split()) == 2: if auth.startswith('Token') and len(auth.split()) == 2:
@ -56,7 +61,7 @@ class AuthRequiredMiddleware(object):
# Does the provided token match a valid user? # Does the provided token match a valid user?
if Token.objects.filter(key=token).exists(): if Token.objects.filter(key=token).exists():
allowed = ['/api/', '/media/', '/static/'] allowed = ['/api/', '/media/']
# Only allow token-auth for /media/ or /static/ dirs! # Only allow token-auth for /media/ or /static/ dirs!
if any([request.path_info.startswith(a) for a in allowed]): if any([request.path_info.startswith(a) for a in allowed]):