No, its .read
if its something a user with read-only access should have access to and .write
if its something that requires full read/write access.
Do not equate read
and write
with get
and post
- there may be things that only a user with full access is allowed to read.
Any endpoint that has needsPermission
will require the auth header to be set to access. jQuery is setup by us to add that header for any request - so your $.ajax
requests will work.
The <script>
loading of xterm.js
won't work because the browser doesn't know to add the auth header.
In general though, loading static javascript resources don't need to be behind an endpoint protected by needsPermission
. So the fix would be to add a separate endpoint for serving these resources and don't use needsPermission
on it.