X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/30d63b582ed093d235ae4a9efdeda5de1d4e2f24..3d078f8d6387e64eb6f0b844d2fe784a0be45230:/services/api/config/routes.rb diff --git a/services/api/config/routes.rb b/services/api/config/routes.rb index e4d2975a57..27fd67cece 100644 --- a/services/api/config/routes.rb +++ b/services/api/config/routes.rb @@ -3,6 +3,14 @@ Server::Application.routes.draw do # See http://guides.rubyonrails.org/routing.html + # OPTIONS requests are not allowed at routes that use cookies. + ['/auth/*a', '/login', '/logout'].each do |nono| + match nono, :to => 'user_sessions#cross_origin_forbidden', :via => 'OPTIONS' + end + # OPTIONS at discovery and API paths get an empty response with CORS headers. + match '/discovery/v1/*a', :to => 'static#empty', :via => 'OPTIONS' + match '/arvados/v1/*a', :to => 'static#empty', :via => 'OPTIONS' + namespace :arvados do namespace :v1 do resources :api_client_authorizations do @@ -15,13 +23,16 @@ Server::Application.routes.draw do get 'used_by', on: :member end resources :groups do + get 'contents', on: :collection get 'contents', on: :member end resources :humans resources :job_tasks resources :jobs do get 'queue', on: :collection + get 'queue_size', on: :collection post 'cancel', on: :member + post 'lock', on: :member end resources :keep_disks do post 'ping', on: :collection @@ -56,12 +67,19 @@ Server::Application.routes.draw do get 'logins', on: :member get 'get_all_logins', on: :collection end + get '/permissions/:uuid', :to => 'links#get_permissions' end end + if Rails.env == 'test' + post '/database/reset', to: 'database#reset' + end + # omniauth match '/auth/:provider/callback', :to => 'user_sessions#create' match '/auth/failure', :to => 'user_sessions#failure' + # not handled by omniauth provider -> 403 with no CORS headers. + get '/auth/*a', :to => 'user_sessions#cross_origin_forbidden' # Custom logout match '/login', :to => 'user_sessions#login'