feat: implement brefore_request to handle CSRF exemption logic.

sudiptob2 · sudiptob2 · commit 08f478329fff · 2024-02-26T09:52:40.000-05:00
Signed-off-by: sudipto baral &lt;sudiptobaral.me@gmail.com&gt;
diff --git a/airflow/www/app.py b/airflow/www/app.py
@@ -21,6 +21,7 @@
 from datetime import timedelta
 
 import connexion
+from flask import request
 from flask_appbuilder import SQLA
 from flask_wtf.csrf import CSRFProtect
 from markupsafe import Markup
@@ -73,6 +74,15 @@ def create_app(config=None, testing=False):
     """Create a new instance of Airflow WWW app."""
     connexion_app = connexion.FlaskApp(__name__)
 
+    @connexion_app.app.before_request
+    def before_request():
+        """Exempts the view function associated with '/api/v1' requests from CSRF protection."""
+        if request.path.startswith("/api/v1"):  # TODO: make sure this path is correct
+            view_function = flask_app.view_functions.get(request.endpoint)
+            if view_function:
+                # Exempt the view function from CSRF protection
+                connexion_app.app.extensions["csrf"].exempt(view_function)
+
     connexion_app.add_middleware(
         CORSMiddleware,
         connexion.middleware.MiddlewarePosition.BEFORE_ROUTING,
