response.headers["Strict-Transport-Security"] = app.config.get(
"STRICT_TRANSPORT_SECURITY", "max-age=31536000;")
response.headers["Content-Security-Policy"] = app.config.get(
"CONTENT_SECURITY_POLICY",
"default-src 'none'; frame-ancestors 'none'")
return response
Compress(app)
# Endpoints required for the Balrog 2.0 UI.
# In the Mozilla deployments of Balrog, both the the admin API (these endpoints)
# and the static admin UI are hosted on the same domain. This API wsgi app is
# hosted at "/api", which is stripped away by the web server before we see
# these requests.
app.add_url_rule("/csrf_token", view_func=CSRFView.as_view("csrf"))
app.add_url_rule("/users", view_func=UsersView.as_view("users"))
app.add_url_rule("/users/roles",
view_func=AllRolesView.as_view("all_users_roles"))
app.add_url_rule("/users/<username>",
view_func=SpecificUserView.as_view("specific_user"))
app.add_url_rule("/users/<username>/permissions",
view_func=PermissionsView.as_view("user_permissions"))
app.add_url_rule(
"/users/<username>/permissions/<permission>",
view_func=SpecificPermissionView.as_view("specific_permission"))
app.add_url_rule("/users/<username>/roles",
view_func=UserRolesView.as_view("user_roles"))
app.add_url_rule("/users/<username>/roles/<role>",
view_func=UserRoleView.as_view("user_role"))
app.add_url_rule("/rules", view_func=RulesAPIView.as_view("rules"))
def csrf_get():
"""GET /csrf_token"""
return CSRFView().get()
def csrf_get():
return CSRFView().get()