Skip to content

Commit

Permalink
Merge pull request #648 from TeskaLabs/patch/v24.47
Browse files Browse the repository at this point in the history 
v24.47.1 - Security authorization patch
  • Loading branch information
@byewokko
byewokko authored Dec 3, 2024
2 parents fb69e06 + ddd8b2f commit c295cb7
Showing 1 changed file with 2 additions and 6 deletions.
8 changes: 2 additions & 6 deletions asab/web/auth/service.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -444,10 +444,6 @@ async def _wrap_handlers(self, aiohttp_app):
if not inspect.iscoroutinefunction(route.handler):
continue

# Skip auth for HEAD requests
if route.method == "HEAD":
continue

try:
self._wrap_handler(route)
except Exception as e:
Expand Down Expand Up @@ -762,7 +758,7 @@ def _set_tenant_context_from_url_query(handler):
@functools.wraps(handler)
async def wrapper(*args, **kwargs):
request = args[-1]
header_tenant = Tenant.get(None)
header_tenant = request.headers.get("X-Tenant")
tenant = request.query.get("tenant")

if tenant is None:
Expand Down Expand Up @@ -797,7 +793,7 @@ def _set_tenant_context_from_url_path(handler):
@functools.wraps(handler)
async def wrapper(*args, **kwargs):
request = args[-1]
header_tenant = Tenant.get(None)
header_tenant = request.headers.get("X-Tenant")
tenant = request.match_info.get("tenant")

if header_tenant is not None:
Expand Down

0 comments on commit c295cb7

Please sign in to comment.