Remove the web console EPP endpoint

This removes the "create Domain/Host/Contact" forms that were supposed to be used instead of regular EPPs for CC-TLD that wanted to support it. We're removing it because we don't use it and want to reduce unneeded code for the registry 3.0 migration. Also, this is a security risk, as it allowed to do "billable actions" (creating a new domain for example) with the only authentication being access to the registrar's G Suite account. This bypassed the certificate, IP whitelist, and EPP password, which is bad. PUBLIC: Remove the web console EPP endpoint This removes the "create Domain/Host/Contact" forms that were supposed to be used instead of regular EPPs for CC-TLD that wanted to support it. We're removing it because we don't use it and want to reduce unneeded code for the registry 3.0 migration. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=236244195
2025-05-12 22:38:16 +02:00 · 2019-02-28 19:37:30 -08:00 · 2019-02-28 19:37:30 -08:00 · dfad79759e
commit dfad79759e
parent f12d368da3
52 changed files with 58 additions and 3788 deletions
--- a/java/google/registry/ui/js/session.js
+++ b/java/google/registry/ui/js/session.js
@ -23,14 +23,13 @@ goog.forwardDeclare('goog.Uri');


 /**
- * XHR launcher for both JSON and XML requests.
+ * XHR launcher for JSON requests.
 * @param {!goog.Uri} defaultUri URI to which requests are POSTed.
 * @param {string} xsrfToken Cross-site request forgery protection token.
- * @param {!registry.Session.ContentType} contentType Payload mode.
 * @constructor
 * @template REQUEST, RESPONSE
 */
-registry.Session = function(defaultUri, xsrfToken, contentType) {
+registry.Session = function(defaultUri, xsrfToken) {

  /**
   * URI to which requests are posted.
@ -39,36 +38,19 @@ registry.Session = function(defaultUri, xsrfToken, contentType) {
   */
  this.uri = defaultUri;

-  /**
-   * Content type set in request body.
-   * @private {!registry.Session.ContentType}
-   * @const
-   */
-  this.contentType_ = contentType;
-
  /**
   * XHR request headers.
   * @private {!Object<string, string>}
   * @const
   */
  this.headers_ = {
-    'Content-Type': contentType,
+    'Content-Type': 'application/json; charset=utf-8',
    'X-CSRF-Token': xsrfToken,
    'X-Requested-With': 'XMLHttpRequest'
  };
 };


-/**
- * Payload modes supported by this class.
- * @enum {string}
- */
-registry.Session.ContentType = {
-  JSON: 'application/json; charset=utf-8',
-  EPP: 'application/epp+xml'
-};
-
-
 /**
 * Abstract method to send a request to the server.
 * @param {REQUEST} body HTTP request body as a string or JSON object.
@ -99,9 +81,7 @@ registry.Session.prototype.sendXhrIo =
 registry.Session.prototype.onXhrComplete_ = function(onSuccess, onError, e) {
  if (e.target.isSuccess()) {
    onSuccess(/** @type {!RESPONSE} */ (
-        this.contentType_ == registry.Session.ContentType.JSON ?
-            e.target.getResponseJson(registry.Session.PARSER_BREAKER_) :
-            e.target.getResponseXml()));
+        e.target.getResponseJson(registry.Session.PARSER_BREAKER_)));
  } else {
    onError(e.target.getLastError());
  }