webapp: Explicitly avoid checking for auth in static subsite requests.
Yesod didn't used to do auth checks for that, but this may have changed. I don't have a way to reproduce the reported problem yet, but this change certianly won't hurt anything. This commit was sponsored by Thom May on Patreon.
This commit is contained in:
Joey Hess
parent
6bcddd244e
commit
4643470537
4 changed files with 36 additions and 12 deletions
|
|
@ -48,17 +48,17 @@ data WebApp = WebApp
|
|||
}
|
||||
|
||||
mkYesodData "WebApp" $(parseRoutesFile "Assistant/WebApp/routes")
|
||||
|
||||
excludeStatic [] = True
|
||||
excludeStatic (p:_) = p /= "static"
|
||||
|
||||
instance Yesod WebApp where
|
||||
{- Require an auth token be set when accessing any (non-static) route -}
|
||||
isAuthorized _ _ = checkAuthToken authToken
|
||||
isAuthorized r _ = checkAuthToken authToken r excludeStatic
|
||||
|
||||
{- Add the auth token to every url generated, except static subsite
|
||||
- urls (which can show up in Permission Denied pages). -}
|
||||
joinPath = insertAuthToken authToken excludeStatic
|
||||
where
|
||||
excludeStatic [] = True
|
||||
excludeStatic (p:_) = p /= "static"
|
||||
|
||||
makeSessionBackend = webAppSessionBackend
|
||||
jsLoader _ = BottomOfHeadBlocking
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue