jedcunningham commented on code in PR #34349:
URL: https://github.com/apache/airflow/pull/34349#discussion_r1349154676
##########
airflow/www/extensions/init_views.py:
##########
@@ -308,5 +318,16 @@ def init_api_experimental(app):
"The authenticated user has full access.",
RemovedInAirflow3Warning,
)
+ base_paths.append("/api/experimental")
app.register_blueprint(endpoints.api_experimental,
url_prefix="/api/experimental")
app.extensions["csrf"].exempt(endpoints.api_experimental)
+
+
+def init_api_auth_provider(app):
+ """Initialize the API offered by the auth manager."""
+ auth_mgr = get_auth_manager()
+ blueprint = auth_mgr.get_api_blueprint()
+ if blueprint is not None:
+ base_paths.append(blueprint.url_prefix)
+ app.register_blueprint(blueprint)
+ app.extensions["csrf"].exempt(blueprint)
Review Comment:
Ah, I didn't notice the name. Does restricting it to api really make sense
though? I wonder if it should be [opt-out like
this](https://airflow.apache.org/docs/apache-airflow/stable/authoring-and-scheduling/plugins.html#exclude-views-from-csrf-protection),
and allow auth manager to just register any old blueprint.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
