By default, login_required, not adding a decorator everywhere

You can add a function before_requestthat requires a default input and create a simple decoder login_exemptfor several routes that do not require it.

Be sure to free the static files, otherwise they will not be downloaded for unauthenticated users.

Flask-HTTPAuth login_required require , , .

def login_exempt(f):
    f.login_exempt = True
    return f

# a dummy callable to execute the login_required logic
login_required_dummy_view = auth.login_required(lambda: None)

@app.before_request
def default_login_required():
    # exclude 404 errors and static routes
    # uses split to handle blueprint static routes as well
    if not request.endpoint or request.endpoint.rsplit('.', 1)[-1] == 'static':
        return

     view = current_app.view_functions[request.endpoint]

     if getattr(view, 'login_exempt', False):
         return

     return login_required_dummy_view()

# for example, the login page shouldn't require login
@app.route('/login', methods=['GET', 'POST'])
@login_exempt
def login():
    pass