potiuk commented on code in PR #34349: URL: https://github.com/apache/airflow/pull/34349#discussion_r1356013126
########## airflow/www/extensions/init_views.py: ########## @@ -308,5 +318,16 @@ def init_api_experimental(app): "The authenticated user has full access.", RemovedInAirflow3Warning, ) + base_paths.append("/api/experimental") app.register_blueprint(endpoints.api_experimental, url_prefix="/api/experimental") app.extensions["csrf"].exempt(endpoints.api_experimental) + + +def init_api_auth_provider(app): + """Initialize the API offered by the auth manager.""" + auth_mgr = get_auth_manager() + blueprint = auth_mgr.get_api_blueprint() + if blueprint is not None: + base_paths.append(blueprint.url_prefix) + app.register_blueprint(blueprint) + app.extensions["csrf"].exempt(blueprint) Review Comment: Should we have TWO methods instead ? One for APIs and one for UI ? ```python def get_api_endpoints(): # return API endpoints def get_ui_blueprints(): # return UI blueprints ``` The first would be without CSRF the seond with. I think that would make more sense. They could (should ?) be even intitialized in different place. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org