Fixes #687 - auth conflict

Roughly April 10th, 2025, something changed about the way auth was handled for files. By including the auth headers in GET requests for files, a session cookie was being set that seemed to cause 401s for any file requests. In essence, one bad request meant that you couldn't recover unless you specifically cleared those cookies out of the session.

Here we avoid that problem entirely by simply not sending auth headers when requesting attachment downloads.

More discussion here: #687

Author: bainco

canvasapi/file.py

@@ -27,7 +27,7 @@ def download(self, location):
         :param location: The path to download to.
         :type location: str
         """
-        response = self._requester.request("GET", _url=self.url)
+        response = self._requester.request("GET", _url=self.url, get_auth=False)
 
         with open(location, "wb") as file_out:
             file_out.write(response.content)
@@ -39,7 +39,7 @@ def get_contents(self, binary=False):
 
         :rtype: str or bytes
         """
-        response = self._requester.request("GET", _url=self.url)
+        response = self._requester.request("GET", _url=self.url, get_auth=False)
         if binary:
             return response.content
         else: