handle HEAD requests correctly

2025-05-10 18:25:03 -04:00 · 2019-10-02 08:25:55 -07:00 · 2019-10-02 08:25:55 -07:00 · c36fc9c20e
commit c36fc9c20e
parent d9d4ebf3a2
2 changed files with 15 additions and 6 deletions
--- a/main.py
+++ b/main.py
@ -35,7 +35,7 @@ def create_app(test_config=None):
    CORS(app, resources={r"/api/*": {"origins": utils.get_allow_origin_header_value()}})

    @app.route('/download/<string:key>/<string:filename>')
-    def download_file(key:str, filename:str):
+    def download_file(key: str, filename:str):
        if filename != secure_filename(filename):
            return redirect(url_for('upload_file'))

@ -173,11 +173,12 @@ def create_app(test_config=None):
    class APIDownload(Resource):
        def get(self, key: str, filename: str):
            complete_path, filepath = is_valid_api_download_file(filename, key)
-
-            @after_this_request
-            def remove_file(response):
-                os.remove(complete_path)
-                return response
+            # Make sure the file is NOT deleted on HEAD requests
+            if request.method == 'GET':
+                @after_this_request
+                def remove_file(response):
+                    os.remove(complete_path)
+                    return response

            return send_from_directory(app.config['UPLOAD_FOLDER'], filepath)

--- a/test/test_api.py
+++ b/test/test_api.py
@ -151,6 +151,10 @@ class Mat2APITestCase(unittest.TestCase):
        error = json.loads(request.data.decode('utf-8'))['message']
        self.assertEqual(error, 'The file hash does not match')

+        request = self.app.head(data['download_link'])
+        self.assertEqual(request.status_code, 200)
+        self.assertEqual(request.headers['Content-Length'], '633')
+
        request = self.app.get(data['download_link'])
        self.assertEqual(request.status_code, 200)

@ -210,6 +214,10 @@ class Mat2APITestCase(unittest.TestCase):
        self.assertIn(response['mime'], 'application/zip')
        self.assertEqual(response['meta_after'], {})

+        request = self.app.head(response['download_link'])
+        self.assertEqual(request.status_code, 200)
+        self.assertEqual(request.headers['Content-Length'], '1596')
+
        request = self.app.get(response['download_link'])
        zip_response = zipfile.ZipFile(BytesIO(request.data))
        self.assertEquals(2, len(zip_response.namelist()))