Always authenticate ajax calls

Our mechanism for blacklisting IPs, which was developed as a protection against a DDoS attach, sometimes classifies IPs as offenders incorrectly. In order to temporary improve the situation of 403 responses from API we're now going to authenticate all of the ajax calls, because authenticated calls are not blacklisted that easily.
2016-01-21 13:58:49 +01:00 · 2016-01-21 13:58:49 +01:00 · 5c0697ed85
commit 5c0697ed85
parent 7cfa83deb8
1 changed files with 1 additions and 16 deletions
--- a/app/services/ajax.js
+++ b/app/services/ajax.js
@ -12,8 +12,6 @@ default_options = {

 export default Ember.Service.extend({
  auth: Ember.inject.service(),
-  publicEndpoints: [/\/repos\/?.*/, /\/builds\/?.*/, /\/jobs\/?.*/],
-  privateEndpoints: [/\/repos\/\d+\/caches/],

  get(url, callback, errorCallback) {
    return this.ajax(url, 'get', {
@ -37,20 +35,7 @@ export default Ember.Service.extend({
  },

  needsAuth(method, url) {
-    var privateEndpoint, publicEndpoint;
-    if (config.pro) {
-      return true;
-    }
-    if (method !== 'GET') {
-      return true;
-    }
-    publicEndpoint = this.publicEndpoints.find(function(pattern) {
-      return url.match(pattern);
-    });
-    privateEndpoint = this.privateEndpoints.find(function(pattern) {
-      return url.match(pattern);
-    });
-    return !publicEndpoint || privateEndpoint;
+    return true;
  },

  ajax(url, method, options) {