projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
14196: Revert debug change to Access-Control-Max-Age
[arvados.git]
/
services
/
api
/
app
/
controllers
/
application_controller.rb
diff --git
a/services/api/app/controllers/application_controller.rb
b/services/api/app/controllers/application_controller.rb
index 1cb49f46749054859980471772aa8f4b3f7f51e1..a0555d13d762a495d9e30a57347ed3336f0e0984 100644
(file)
--- a/
services/api/app/controllers/application_controller.rb
+++ b/
services/api/app/controllers/application_controller.rb
@@
-82,11
+82,17
@@
class ApplicationController < ActionController::Base
end
def default_url_options
end
def default_url_options
+ options = {}
if Rails.configuration.host
if Rails.configuration.host
- {:host => Rails.configuration.host}
- else
- {}
+ options[:host] = Rails.configuration.host
+ end
+ if Rails.configuration.port
+ options[:port] = Rails.configuration.port
+ end
+ if Rails.configuration.protocol
+ options[:protocol] = Rails.configuration.protocol
end
end
+ options
end
def index
end
def index
@@
-338,13
+344,20
@@
class ApplicationController < ActionController::Base
# If there are too many reader tokens, assume the request is malicious
# and ignore it.
if request.get? and params[:reader_tokens] and
# If there are too many reader tokens, assume the request is malicious
# and ignore it.
if request.get? and params[:reader_tokens] and
- params[:reader_tokens].size < 100
+ params[:reader_tokens].size < 100
+ secrets = params[:reader_tokens].map { |t|
+ if t.is_a? String and t.starts_with? "v2/"
+ t.split("/")[2]
+ else
+ t
+ end
+ }
@read_auths += ApiClientAuthorization
.includes(:user)
.where('api_token IN (?) AND
(expires_at IS NULL OR expires_at > CURRENT_TIMESTAMP)',
@read_auths += ApiClientAuthorization
.includes(:user)
.where('api_token IN (?) AND
(expires_at IS NULL OR expires_at > CURRENT_TIMESTAMP)',
-
params[:reader_tokens]
)
- .
all
+
secrets
)
+ .
to_a
end
@read_auths.select! { |auth| auth.scopes_allow_request? request }
@read_users = @read_auths.map(&:user).uniq
end
@read_auths.select! { |auth| auth.scopes_allow_request? request }
@read_users = @read_auths.map(&:user).uniq
@@
-557,7
+570,13
@@
class ApplicationController < ActionController::Base
location: "query",
required: false,
default: false
location: "query",
required: false,
default: false
- }
+ },
+ cluster_id: {
+ type: 'string',
+ description: "Create object on a remote federated cluster instead of the current one.",
+ location: "query",
+ required: false,
+ },
}
end
}
end