Middleware verify_header method runs even for 404 Not Found routes

[ermiyaeskandary]

In my verify_header route, I may be making relatively costly DB calls, HTTP calls etc.

The middleware still runs for 404 requests, resulting in an indirect Denial of Service attack being possible against the remote resource.

It should not run when there are requests that would result in a 404.