Nonexistent routes should not redirect to the 2FA page, as there can
be missing resources, which would cause the 2FA secret to be regenerated

For UploadsController#show routes, any resource trying to be loaded
while on the 2FA page (avatar, custom header etc) would redirect to
the 2FA page, also regenerating the token after the QR/key was already
rendered in the view.