1 files changed, 7 insertions, 6 deletions
diff --git a/main.py b/main.py
index 5c6211d..a4766b1 100644
--- a/main.py
+++ b/main.py
@@ -35,7 +35,7 @@ def create_app(test_config=None):
    CORS(app, resources={r"/api/*": {"origins": utils.get_allow_origin_header_value()}})
    @app.route('/download/<string:key>/<string:filename>')
-    def download_file(key:str, filename:str):
+    def download_file(key: str, filename:str):
        if filename != secure_filename(filename):
            return redirect(url_for('upload_file'))
@@ -173,11 +173,12 @@ def create_app(test_config=None):
    class APIDownload(Resource):
        def get(self, key: str, filename: str):
            complete_path, filepath = is_valid_api_download_file(filename, key)
+            # Make sure the file is NOT deleted on HEAD requests
-            @after_this_request
+            if request.method == 'GET':
-            def remove_file(response):
+                @after_this_request
-                os.remove(complete_path)
+                def remove_file(response):
-                return response
+                    os.remove(complete_path)
+                    return response
            return send_from_directory(app.config['UPLOAD_FOLDER'], filepath)

diff --git a/main.py b/main.py index 5c6211d..a4766b1 100644 --- a/main.py +++ b/main.py
@@ -35,7 +35,7 @@ def create_app(test_config=None):
35	CORS(app, resources={r"/api/*": {"origins": utils.get_allow_origin_header_value()}})	35	CORS(app, resources={r"/api/*": {"origins": utils.get_allow_origin_header_value()}})
36		36
37	@app.route('/download/<string:key>/<string:filename>')	37	@app.route('/download/<string:key>/<string:filename>')
38	def download_file(key:str, filename:str):	38	def download_file(key: str, filename:str):
39	if filename != secure_filename(filename):	39	if filename != secure_filename(filename):
40	return redirect(url_for('upload_file'))	40	return redirect(url_for('upload_file'))
41		41
@@ -173,11 +173,12 @@ def create_app(test_config=None):
173	class APIDownload(Resource):	173	class APIDownload(Resource):
174	def get(self, key: str, filename: str):	174	def get(self, key: str, filename: str):
175	complete_path, filepath = is_valid_api_download_file(filename, key)	175	complete_path, filepath = is_valid_api_download_file(filename, key)
176		176	# Make sure the file is NOT deleted on HEAD requests
177	@after_this_request	177	if request.method == 'GET':
178	def remove_file(response):	178	@after_this_request
179	os.remove(complete_path)	179	def remove_file(response):
180	return response	180	os.remove(complete_path)
		181	return response
181		182
182	return send_from_directory(app.config['UPLOAD_FOLDER'], filepath)	183	return send_from_directory(app.config['UPLOAD_FOLDER'], filepath)
183		184