From 595393f2736b385a489869a987e30f1181aea037 Mon Sep 17 00:00:00 2001 From: Piotr Sarnacki Date: Thu, 2 May 2013 17:59:41 +0200 Subject: [PATCH] Don't send Authorization header when it's not needed CORS specification specifies "simple request", which does not need a preflight OPTIONS request. The only thing, which we send and is forbidding to send simple requests is Authorization header, which is not needed for public endpoints. --- assets/scripts/lib/travis/ajax.coffee | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/assets/scripts/lib/travis/ajax.coffee b/assets/scripts/lib/travis/ajax.coffee index 0a694674..5180ecc2 100644 --- a/assets/scripts/lib/travis/ajax.coffee +++ b/assets/scripts/lib/travis/ajax.coffee @@ -1,6 +1,8 @@ jQuery.support.cors = true Travis.ajax = Em.Object.create + publicEndpoints: [/\/repos\/?.*/, /\/builds\/?.*/, /\/jobs\/?.*/] + DEFAULT_OPTIONS: accepts: json: 'application/vnd.travis-ci.2+json' @@ -11,12 +13,21 @@ Travis.ajax = Em.Object.create post: (url, data, callback) -> @ajax(url, 'post', data: data, success: callback) + needsAuth: (method, url) -> + return false if method != 'GET' + + result = @publicEndpoints.find (pattern) -> + url.match(pattern) + + !result + ajax: (url, method, options) -> method = method.toUpperCase() endpoint = Travis.config.api_endpoint || '' options = options || {} - if token = Travis.sessionStorage.getItem('travis.token') + token = Travis.sessionStorage.getItem('travis.token') + if token && Travis.ajax.needsAuth(method, url) options.headers ||= {} options.headers['Authorization'] ||= "token #{token}"