projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch 'crunch-job_finds_newer_docker_hashes' of https://github.com/tmooney...
[arvados.git]
/
services
/
api
/
app
/
controllers
/
application_controller.rb
diff --git
a/services/api/app/controllers/application_controller.rb
b/services/api/app/controllers/application_controller.rb
index 3c5bf94d2c4b06f8d1a1e301971cdf39673d8a44..776f7e190e06ad0a486dad78c04affe84493175a 100644
(file)
--- a/
services/api/app/controllers/application_controller.rb
+++ b/
services/api/app/controllers/application_controller.rb
@@
-25,6
+25,7
@@
class ApplicationController < ActionController::Base
ERROR_ACTIONS = [:render_error, :render_not_found]
ERROR_ACTIONS = [:render_error, :render_not_found]
+ before_filter :disable_api_methods
before_filter :set_cors_headers
before_filter :respond_with_json_by_default
before_filter :remote_ip
before_filter :set_cors_headers
before_filter :respond_with_json_by_default
before_filter :remote_ip
@@
-385,6
+386,13
@@
class ApplicationController < ActionController::Base
end
end
end
end
+ def disable_api_methods
+ if Rails.configuration.disable_api_methods.
+ include?(controller_name + "." + action_name)
+ send_error("Disabled", status: 404)
+ end
+ end
+
def set_cors_headers
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Methods'] = 'GET, HEAD, PUT, POST, DELETE'
def set_cors_headers
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Methods'] = 'GET, HEAD, PUT, POST, DELETE'