rob05c commented on a change in pull request #3023: WIP Supported routes fetch
URL: https://github.com/apache/trafficcontrol/pull/3023#discussion_r233150938
##########
File path: traffic_ops/traffic_ops_golang/routes.go
##########
@@ -424,6 +424,17 @@ func Routes(d ServerData) ([]Route, []RawRoute,
http.Handler, error) {
{http.MethodGet, `tools/write_crconfig/{cdn}/?$`,
crconfig.SnapshotOldGUIHandler, auth.PrivLevelOperations, Authenticated, nil},
// DEPRECATED - use GET /api/1.2/cdns/{cdn}/snapshot
{http.MethodGet, `CRConfig-Snapshots/{cdn}/CRConfig.json?$`,
crconfig.SnapshotOldGetHandler, auth.PrivLevelReadOnly, Authenticated, nil},
+
+ // The '/api' endpoint, that tells clients what routes are
available under /api/1.x
+ {http.MethodGet, `api/?$`, api.AvailableRoutesHandler, 0,
false, nil},
Review comment:
I don't think this does what you think. Setting `nil` for the middleware,
makes the router use the default. Is that the intention? I think it should be,
for gzip, default headers, etc. But these handlers appear to be trying to set
the server name and CORS themselves. I think this should keep setting `nil`,
but change the handlers to be aware of what is being set by default, and not do
it themselves.
`false` should never be passed for auth, either pass `Authenticated` or
`NoAuth`, so it's immediately visible in this file that the routes are not
authenticated. In fact, I think I'm going to change it to make passing `false`
impossible.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
