More general test for authorized paths

2021-06-07 20:33:54 +01:00 · 2021-06-07 20:33:54 +01:00 · 4899fdea28
parent f1e3a2591c
commit 4899fdea28
1 changed files with 7 additions and 7 deletions
--- a/daemon.py
+++ b/daemon.py
@ -1264,13 +1264,13 @@ class PubServer(BaseHTTPRequestHandler):
    def _isAuthorized(self) -> bool:
        self.authorizedNickname = None

-        if self.path.startswith('/icons/') or \
-           self.path.startswith('/avatars/') or \
-           self.path.startswith('/favicon.ico') or \
-           self.path.startswith('/newswire_favicon.ico') or \
-           self.path.startswith('/categories.xml') or \
-           self.path.startswith('/newswire.xml'):
-            return False
+        notAuthPaths = (
+            '/icons/', '/avatars/', '/favicon.ico', '/newswire.xml',
+            '/newswire_favicon.ico', '/categories.xml'
+        )
+        for notAuthStr in notAuthPaths:
+            if self.path.startswith(notAuthStr):
+                return False

        # token based authenticated used by the web interface
        if self.headers.get('Cookie'):