Beispiel #1
        "CONTENT_SECURITY_POLICY",
        "default-src 'none'; frame-ancestors 'none'")
    return response


Compress(app)

# Admin API routes required by the Balrog 2.0 UI.
# In the Mozilla deployments of Balrog, the admin API (these endpoints) and
# the static admin UI share one domain. This API WSGI app is mounted at
# "/api"; the web server strips that prefix before the request reaches us,
# so the rules below are written without it.
#
# The routes are kept in one table so the exposed surface can be audited in
# one place. Segments such as <username>, <permission>, <role> and
# <id_or_alias> use Flask's default string converter, which accepts any
# non-empty text without a slash.
# The static rule "/users/roles" and the dynamic rule "/users/<username>"
# overlap; the router is expected to prefer the static one, so a user
# literally named "roles" would not be reachable through the latter.
# NOTE(review): no authentication or permission check is visible at
# registration time -- presumably each view class enforces it; confirm
# before adding a route.
_ADMIN_ROUTES = (
    ("/csrf_token", CSRFView, "csrf"),
    ("/users", UsersView, "users"),
    ("/users/roles", AllRolesView, "all_users_roles"),
    ("/users/<username>", SpecificUserView, "specific_user"),
    ("/users/<username>/permissions", PermissionsView, "user_permissions"),
    ("/users/<username>/permissions/<permission>",
     SpecificPermissionView, "specific_permission"),
    ("/users/<username>/roles", UserRolesView, "user_roles"),
    ("/users/<username>/roles/<role>", UserRoleView, "user_role"),
    ("/rules", RulesAPIView, "rules"),
    # Normal operations (get/update/delete) on rules can be done by id or
    # alias...
    ("/rules/<id_or_alias>", SingleRuleView, "rule"),
)

# as_view() is called inside the loop so that each view is built immediately
# before it is registered, in table order.
for _rule, _view_class, _endpoint in _ADMIN_ROUTES:
    app.add_url_rule(_rule, view_func=_view_class.as_view(_endpoint))
Beispiel #2
        response.headers['X-Frame-Options'] = 'SAMEORIGIN'
    else:
        response.headers["Content-Security-Policy"] = \
            app.config.get("CONTENT_SECURITY_POLICY", "default-src 'none'; frame-ancestors 'none'")
    return response


Compress(app)


# Admin API routes required by the Balrog 2.0 UI.
# In the Mozilla deployments of Balrog, the admin API (these endpoints) and
# the static admin UI share one domain. This API WSGI app is mounted at
# "/api"; the web server strips that prefix before the request reaches us,
# so the rules below are written without it.
#
# The routes are kept in one table so the exposed surface can be audited in
# one place. Untyped segments (<username>, <release>, <platform>, ...) use
# Flask's default string converter, which accepts any non-empty text without
# a slash; only <int:rule_id> is restricted to digits.
# NOTE(review): no authentication or permission check is visible at
# registration time -- presumably each view class enforces it; confirm
# before adding a route.
_ADMIN_ROUTES = (
    ("/users/roles", AllRolesView, "all_users_roles"),
    ("/users/<username>", SpecificUserView, "specific_user"),
    ("/users/<username>/permissions", PermissionsView, "user_permissions"),
    (
        "/users/<username>/permissions/<permission>",
        SpecificPermissionView,
        "specific_permission",
    ),
    ("/users/<username>/roles", UserRolesView, "user_roles"),
    ("/users/<username>/roles/<role>", UserRoleView, "user_role"),
    # Normal operations (get/update/delete) on rules can be done by id or
    # alias...
    ("/rules/<id_or_alias>", SingleRuleView, "rule"),
    ("/rules/columns/<column>", SingleRuleColumnView, "rule_columns"),
    # ...but anything to do with history must be done by id, because an
    # alias may change over time.
    ("/rules/<int:rule_id>/revisions", RuleHistoryAPIView, "rules_revisions"),
    ("/releases", ReleasesAPIView, "releases"),
    ("/releases/<release>", SingleReleaseView, "single_release"),
    ("/releases/<release>/read_only", ReleaseReadOnlyView, "read_only"),
    (
        "/releases/<release>/builds/<platform>/<locale>",
        SingleLocaleView,
        "single_locale",
    ),
    ("/releases/<release>/revisions", ReleaseHistoryView, "release_revisions"),
)

# as_view() is called inside the loop so that each view is built immediately
# before it is registered, in table order.
for _rule, _view_class, _endpoint in _ADMIN_ROUTES:
    app.add_url_rule(_rule, view_func=_view_class.as_view(_endpoint))