From c36fc9c20e3ec31359f8a77e1bdfb8ade3f0384c Mon Sep 17 00:00:00 2001
From: jfriedli
Date: Wed, 2 Oct 2019 08:25:55 -0700
Subject: handle HEAD requests correctly

---
 main.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'main.py')

diff --git a/main.py b/main.py
index 5c6211d..a4766b1 100644
--- a/main.py
+++ b/main.py
@@ -35,7 +35,7 @@ def create_app(test_config=None):
     CORS(app, resources={r"/api/*": {"origins": utils.get_allow_origin_header_value()}})
 
     @app.route('/download/<string:key>/<string:filename>')
-    def download_file(key:str, filename:str):
+    def download_file(key: str, filename:str):
         if filename != secure_filename(filename):
             return redirect(url_for('upload_file'))
 
@@ -173,11 +173,12 @@ def create_app(test_config=None):
     class APIDownload(Resource):
         def get(self, key: str, filename: str):
             complete_path, filepath = is_valid_api_download_file(filename, key)
-
-            @after_this_request
-            def remove_file(response):
-                os.remove(complete_path)
-                return response
+            # Make sure the file is NOT deleted on HEAD requests
+            if request.method == 'GET':
+                @after_this_request
+                def remove_file(response):
+                    os.remove(complete_path)
+                    return response
 
             return send_from_directory(app.config['UPLOAD_FOLDER'], filepath)
 
-- 
cgit v1.3