From 6c5c63d667a17aec159c8e26ea53dccfbc4d0fa3 Mon Sep 17 00:00:00 2001
From: Kevin Chung <kchung@ctfd.io>
Date: Fri, 11 Oct 2019 23:18:44 -0700
Subject: [PATCH] Don't redirect the /events endpoint to login (#1132)

* Detect `text/event-stream` in `authed_only` to prevent unnecessary redirects to `/login`
---
 CTFd/utils/decorators/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CTFd/utils/decorators/__init__.py b/CTFd/utils/decorators/__init__.py
index e262b3b2..c30cf2bc 100644
--- a/CTFd/utils/decorators/__init__.py
+++ b/CTFd/utils/decorators/__init__.py
@@ -84,7 +84,7 @@ def authed_only(f):
         if authed():
             return f(*args, **kwargs)
         else:
-            if request.content_type == "application/json":
+            if request.content_type == "application/json" or request.accept_mimetypes.best == "text/event-stream":
                 abort(403)
             else:
                 return redirect(url_for("auth.login", next=request.full_path))