response.headers["Strict-Transport-Security"] = app.config.get( "STRICT_TRANSPORT_SECURITY", "max-age=31536000;") response.headers["Content-Security-Policy"] = app.config.get( "CONTENT_SECURITY_POLICY", "default-src 'none'; frame-ancestors 'none'") return response Compress(app) # Endpoints required for the Balrog 2.0 UI. # In the Mozilla deployments of Balrog, both the the admin API (these endpoints) # and the static admin UI are hosted on the same domain. This API wsgi app is # hosted at "/api", which is stripped away by the web server before we see # these requests. app.add_url_rule("/csrf_token", view_func=CSRFView.as_view("csrf")) app.add_url_rule("/users", view_func=UsersView.as_view("users")) app.add_url_rule("/users/roles", view_func=AllRolesView.as_view("all_users_roles")) app.add_url_rule("/users/<username>", view_func=SpecificUserView.as_view("specific_user")) app.add_url_rule("/users/<username>/permissions", view_func=PermissionsView.as_view("user_permissions")) app.add_url_rule( "/users/<username>/permissions/<permission>", view_func=SpecificPermissionView.as_view("specific_permission")) app.add_url_rule("/users/<username>/roles", view_func=UserRolesView.as_view("user_roles")) app.add_url_rule("/users/<username>/roles/<role>", view_func=UserRoleView.as_view("user_role")) app.add_url_rule("/rules", view_func=RulesAPIView.as_view("rules"))
def csrf_get(): """GET /csrf_token""" return CSRFView().get()
def csrf_get(): return CSRFView().get()