From 6899b8d759ec5266b3893d47d4d0c2280fa8652f Mon Sep 17 00:00:00 2001 From: "robin.hruska@teskalabs.com" Date: Tue, 3 Dec 2024 08:58:28 +0100 Subject: [PATCH] HEAD requests must be authorized --- asab/web/auth/service.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/asab/web/auth/service.py b/asab/web/auth/service.py index b43bb690..604e3d6d 100644 --- a/asab/web/auth/service.py +++ b/asab/web/auth/service.py @@ -441,10 +441,6 @@ async def set_up_auth_web_wrapper(self, aiohttp_app: aiohttp.web.Application): if not inspect.iscoroutinefunction(route.handler): continue - # Skip auth for HEAD requests - if route.method == "HEAD": - continue - try: self._set_handler_auth(route) except Exception as e: