diff --git a/proxy/pkg/middleware/account_resolver.go b/proxy/pkg/middleware/account_resolver.go
index 12262a5b7e..e7d6aed68b 100644
--- a/proxy/pkg/middleware/account_resolver.go
+++ b/proxy/pkg/middleware/account_resolver.go
@@ -56,6 +56,7 @@ func (m accountResolver) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	ctx := req.Context()
 	claims := oidc.FromContext(ctx)
 	u, ok := revauser.ContextGetUser(ctx)
+	// TODO what if an X-Access-Token is set? happens eg for download requests to the /data endpoint in the reva frontend
 
 	if claims == nil && !ok {
 		m.next.ServeHTTP(w, req)