potiuk commented on code in PR #34349:
URL: https://github.com/apache/airflow/pull/34349#discussion_r1356013126
##########
airflow/www/extensions/init_views.py:
##########
@@ -308,5 +318,16 @@ def init_api_experimental(app):
"The authenticated user has full access.",
RemovedInAirflow3Warning,
)
+ base_paths.append("/api/experimental")
app.register_blueprint(endpoints.api_experimental,
url_prefix="/api/experimental")
app.extensions["csrf"].exempt(endpoints.api_experimental)
+
+
+def init_api_auth_provider(app):
+ """Initialize the API offered by the auth manager."""
+ auth_mgr = get_auth_manager()
+ blueprint = auth_mgr.get_api_blueprint()
+ if blueprint is not None:
+ base_paths.append(blueprint.url_prefix)
+ app.register_blueprint(blueprint)
+ app.extensions["csrf"].exempt(blueprint)
Review Comment:
Should we have TWO methods instead ? One for APIs and one for UI ?
```python
def get_api_endpoints():
# return API endpoints
def get_ui_blueprints():
# return UI blueprints
```
The first would be without CSRF the seond with. I think that would make more
sense. They could (should ?) be even intitialized in different place.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
