Don't redirect the /events endpoint to login (#1132)

* Detect `text/event-stream` in `authed_only` to prevent unnecessary redirects to `/login`
2026-02-02 21:04:28 +01:00 · 2019-10-11 23:18:44 -07:00
parent a9b2fe15e3
commit 6c5c63d667
1 changed files with 1 additions and 1 deletions
--- a/CTFd/utils/decorators/init.py
+++ b/CTFd/utils/decorators/init.py
@@ -84,7 +84,7 @@ def authed_only(f):
        if authed():
            return f(*args, **kwargs)
        else:
-            if request.content_type == "application/json":
+            if request.content_type == "application/json" or request.accept_mimetypes.best == "text/event-stream":
                abort(403)
            else:
                return redirect(url_for("auth.login", next=request.full_path))