From 7ff324c45b996546dbbd4cb9c7092fc58d7dc36d Mon Sep 17 00:00:00 2001
From: "sentry[bot]" <39604003+sentry[bot]@users.noreply.github.com>
Date: Wed, 17 Jun 2026 22:40:06 +0000
Subject: [PATCH] fix(middleware): guard request.auth access in
 is_frontend_request

---
 src/sentry/middleware/__init__.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/sentry/middleware/__init__.py b/src/sentry/middleware/__init__.py
index 300cae46e77841..326a871700e38b 100644
--- a/src/sentry/middleware/__init__.py
+++ b/src/sentry/middleware/__init__.py
@@ -4,6 +4,7 @@
 from collections.abc import Callable
 from typing import Union
 
+from django.http import HttpRequest
 from django.views import View
 from rest_framework.request import Request
 from rest_framework.response import Response
@@ -23,7 +24,7 @@ def get_path(view_func: ViewFunc) -> str | None:
     return path
 
 
-def is_frontend_request(request: Request) -> bool:
+def is_frontend_request(request: HttpRequest | Request) -> bool:
     """
     Used to determine if a request came from the UI or not. UI requests will have cookies and no
     authentication tokens, while requests coming from user scripts will tend to be the opposite.
@@ -32,7 +33,7 @@ def is_frontend_request(request: Request) -> bool:
     belief is that that's a fraction of the total requests. Either way, this function should not be
     used expecting it to be 100% accurate. We are using it only for statistics.
     """
-    return bool(request.COOKIES) and request.auth is None
+    return bool(request.COOKIES) and getattr(request, "auth", None) is None
 
 
 __all__ = ("get_path", "is_frontend_request", "ViewFunc")