jedcunningham commented on code in PR #34349:
URL: https://github.com/apache/airflow/pull/34349#discussion_r1349150046
##########
airflow/www/extensions/init_views.py:
##########
@@ -308,5 +318,16 @@ def init_api_experimental(app):
"The authenticated user has full access.",
RemovedInAirflow3Warning,
)
+ base_paths.append("/api/experimental")
app.register_blueprint(endpoints.api_experimental,
url_prefix="/api/experimental")
app.extensions["csrf"].exempt(endpoints.api_experimental)
+
+
+def init_api_auth_provider(app):
+ """Initialize the API offered by the auth manager."""
+ auth_mgr = get_auth_manager()
+ blueprint = auth_mgr.get_api_blueprint()
+ if blueprint is not None:
+ base_paths.append(blueprint.url_prefix)
+ app.register_blueprint(blueprint)
+ app.extensions["csrf"].exempt(blueprint)
Review Comment:
As an example, FAB auth manager has the ui for managing roles/users. Other
auth managers technically could do something similar. Blueprint != api
ultimately, right? A better example to follow would be how [plugins register -
no csrf
exemption](https://github.com/apache/airflow/blob/25cd12d307be6359c844f4764b6f90e954bccb56/airflow/www/extensions/init_views.py#L158).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
