diff --git a/InvenTree/InvenTree/middleware.py b/InvenTree/InvenTree/middleware.py
index e9a272e13b..1eda1df57a 100644
--- a/InvenTree/InvenTree/middleware.py
+++ b/InvenTree/InvenTree/middleware.py
@@ -74,6 +74,7 @@ class AuthRequiredMiddleware(object):
 # Is the function exempt from auth requirements?
 path_func = resolve(request.path).func
+
 if getattr(path_func, 'auth_exempt', False) is True:
 return self.get_response(request)
@@ -119,7 +120,13 @@ class AuthRequiredMiddleware(object):
 ]
 # Do not redirect requests to any of these paths
- paths_ignore = ['/api/', '/js/', '/media/', '/static/']
+ paths_ignore = [
+ '/api/',
+ '/auth/',
+ '/js/',
+ settings.MEDIA_URL,
+ settings.STATIC_URL,
+ ]
 if path not in urls and not any(
 path.startswith(p) for p in paths_ignore
diff --git a/InvenTree/InvenTree/settings.py b/InvenTree/InvenTree/settings.py
index d3c1ba6f4d..d176a1cd79 100644
--- a/InvenTree/InvenTree/settings.py
+++ b/InvenTree/InvenTree/settings.py
@@ -130,6 +130,9 @@ DATA_UPLOAD_MAX_NUMBER_FIELDS = 10000
 # Web URL endpoint for served static files
 STATIC_URL = '/static/'
+# Web URL endpoint for served media files
+MEDIA_URL = '/media/'
+
 STATICFILES_DIRS = []
 # Translated Template settings
@@ -155,9 +158,6 @@ STATFILES_I18_PROCESSORS = ['InvenTree.context.status_codes']
 # Color Themes Directory
 STATIC_COLOR_THEMES_DIR = STATIC_ROOT.joinpath('css', 'color-themes').resolve()
-# Web URL endpoint for served media files
-MEDIA_URL = '/media/'
-
 # Database backup options
 # Ref: https://django-dbbackup.readthedocs.io/en/master/configuration.html
 DBBACKUP_SEND_EMAIL = False
@@ -1058,7 +1058,7 @@ CORS_ALLOW_CREDENTIALS = get_boolean_setting(
 )
 # Only allow CORS access to the following URL endpoints
-CORS_URLS_REGEX = r'^/(api|media|static)/.*$'
+CORS_URLS_REGEX = r'^/(api|auth|media|static)/.*$'
 CORS_ALLOWED_ORIGINS = get_setting(
 'INVENTREE_CORS_ORIGIN_WHITELIST',
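Review bot: In the second middleware.py hunk, `paths_ignore` now takes two of its prefixes from `settings.MEDIA_URL` and `settings.STATIC_URL`, and `path.startswith(p)` matches every request path if either value is ever empty or just `/`, which would exempt all paths from the login redirect. Both are literals in settings.py in this commit, so the risk is latent, but a guard such as `paths_ignore = [p for p in paths_ignore if p.startswith('/') and len(p) > 1]` keeps the exemption list from widening silently if they become configurable. The new `'/auth/'` entry depends on what follows the `if`, which lies outside the hunk; it is worth confirming that unauthenticated requests to an exempted prefix are still rejected there rather than passed on to the view.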
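Review bot: Adding `auth` to `CORS_URLS_REGEX` in the last settings.py hunk opens the authentication endpoints to cross-origin requests under the same policy as `/api/`, and nothing on the line documents why or which origin policy it relies on. `CORS_ALLOW_CREDENTIALS` is configurable immediately above, and the remaining origin settings continue past the end of the hunk, so the effective exposure cannot be judged from here. I would add a comment above the regex, for example `# /auth/ is CORS-enabled; with CORS_ALLOW_CREDENTIALS on, origins must be an explicit allowlist, never allow-all`.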