diff --git a/index.js b/index.js
index e55fc03..834913a 100644
--- a/index.js
+++ b/index.js
@@ -20,12 +20,16 @@ const _isEmpty = require('lodash/isEmpty'),
 /**
 * determine if a route is protected
- * protected routes are ?edit=true and any method other than GET
+ * protected routes are ?edit=true and any method other than GET or HEAD
 * @param {object} req
 * @returns {boolean}
 */
 function isProtectedRoute(req) {
- return !!req.query.edit || !_includes(req.originalUrl, '/_auth') && req.method !== 'GET';
+ return (
+ !!req.query.edit
+ || !_includes(req.originalUrl, '/_auth')
+ && !_includes(['GET', 'HEAD'], req.method)
+ );
 }
 /**
diff --git a/index.test.js b/index.test.js
index ef2b1dd..c212806 100644
--- a/index.test.js
+++ b/index.test.js
@@ -30,6 +30,10 @@ describe(_startCase(filename), function () {
 it('is false if GET to api (or non-edit page)', function () {
 expect(fn({ query: {}, method: 'GET' })).toEqual(false);
 });
+
+ it('is false if HEAD to api (or non-edit page)', function () {
+ expect(fn({ query: {}, method: 'HEAD' })).toEqual(false);
+ });
 });
 describe('isAuthenticated', function () {
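Review bot: The `/_auth` exemption in `isProtectedRoute` (index.js hunk) is a substring test over `req.originalUrl`, which in Express includes the query string, so a non-GET/HEAD request is treated as unprotected whenever `/_auth` appears anywhere in the URL rather than only in the route path. This predates the commit but is carried unchanged into the rewritten expression, so it is worth tightening while the line is being touched. Consider testing only the path portion, e.g. `const path = req.originalUrl.split('?')[0];`, and matching `/_auth` as a path segment; how the auth routes are mounted is outside this hunk, so the exact pattern needs confirming. Separately, wrapping the `&&` pair in its own parentheses would make the `||`/`&&` precedence explicit instead of relying on line layout.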
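Review bot: The added case in index.test.js only pins the unprotected side of the HEAD change, so a regression that lets the method check short-circuit the edit check would not be caught by this hunk. A companion assertion such as `expect(fn({ query: { edit: 'true' }, method: 'HEAD' })).toEqual(true);` would lock in that `?edit=true` stays protected for HEAD. The request object here also omits `originalUrl`, so the `/_auth` branch is exercised only with an undefined URL; a case with a realistic `originalUrl` would document the intended behaviour. The enclosing `describe` block starts outside the hunk, so equivalent cases may already exist there.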