potiuk commented on code in PR #39055:
URL: https://github.com/apache/airflow/pull/39055#discussion_r1573342339


##########
airflow/www/app.py:
##########
@@ -49,35 +50,50 @@
 )
 from airflow.www.extensions.init_session import init_airflow_session_interface
 from airflow.www.extensions.init_views import (
-    init_api_auth_provider,
+    init_api_auth_manager,
     init_api_connexion,
     init_api_error_handlers,
     init_api_experimental,
     init_api_internal,
     init_appbuilder_views,
+    init_cors_middleware,
     init_error_handlers,
     init_flash_views,
     init_plugins,
 )
 from airflow.www.extensions.init_wsgi_middlewares import init_wsgi_middleware
 
 app: Flask | None = None
-
+connexion_app: connexion.FlaskApp | None = None
 # Initializes at the module level, so plugins can access it.
 # See: /docs/plugins.rst
 csrf = CSRFProtect()
 
 
-def create_app(config=None, testing=False):
+def create_connexion_app(config=None, testing=False):
     """Create a new instance of Airflow WWW app."""
-    flask_app = Flask(__name__)
+    conn_app = connexion.FlaskApp(__name__)
+
+    @conn_app.app.before_request
+    def before_request():
+        """Exempts the view function associated with '/api/v1' requests from 
CSRF protection."""
+        if request.path.startswith("/api/v1"):  # TODO: make sure this path is 
correct
+            view_function = conn_app.app.view_functions.get(request.endpoint)
+            if view_function:
+                # Exempt the view function from CSRF protection
+                conn_app.app.extensions["csrf"].exempt(view_function)
+
+    init_cors_middleware(conn_app)
+
+    flask_app = conn_app.app
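Review bot: The CSRF exemption in `before_request` matches on a bare prefix, so `request.path.startswith("/api/v1")` is also true for any path that merely begins with those characters (such as `/api/v1x`), and the inline TODO shows the path is still unconfirmed; anchor it on a segment boundary with `if request.path == "/api/v1" or request.path.startswith("/api/v1/"):`. `exempt()` is called on every request, although in Flask-WTF the exemption it registers persists on the extension. Registering it once where the API views are set up would keep the exempted set reviewable in one place and avoid mutating it while requests are being served. If session-cookie authentication can be enabled for the API, this exemption removes the CSRF check from cookie-authenticated state-changing calls, so a comment stating the assumed auth model would help, for example `# CSRF-exempt: API auth is assumed not to rely on the browser session cookie`. `create_connexion_app` continues beyond the quoted hunk.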

Review Comment:
   TODO: init_wsgi_middleware/proxy_fix does not currently work, so BASE_URL does not work.


