Add stub pages and oauth-blessed request to /newui

appengine/swarming/app.yaml

Index: appengine/swarming/app.yaml
diff --git a/appengine/swarming/app.yaml b/appengine/swarming/app.yaml
index 4fcd930ca2fd94dfbe81eeaab8113c7c291a8293..059a7681208ad107343473e7c432f7d7e44b6b7e 100644
--- a/appengine/swarming/app.yaml
+++ b/appengine/swarming/app.yaml
@@ -66,6 +66,31 @@ handlers:
   secure: always
   login: admin
 
+# TODO(kjlubick): Consider moving elements/ to frontend/ so it is a bit more clear what the folder is about.
+- url: /newui/
+  static_files: elements/build/index-build.html
+  upload: elements/build/index-build.html
+  secure: always
+  http_headers:
+    # TODO(maruel): Unsure about polymer if it is inline-style free.

[M-A Ruel, 2016/07/25 16:30:21]

https://github.com/PolymerLabs/crisper fixes inline-js, I'm not sure if
inline-style is still relevant. Anyhow, the TODO should be assigned to kjlubick.

[kjlubick, 2016/07/25 17:54:51]

I just removed this and it seemed to work.

+    # TODO(maruel): Polymer abuses eval() and http://crbug.com/277857 gets in

[M-A Ruel, 2016/07/25 16:30:21]

This bug is closed.

[kjlubick, 2016/07/25 17:54:51]

I just removed this and it seemed to work.

+    # the way.
+    Content-Security-Policy: "default-src https: 'self' 'unsafe-inline' 'unsafe-eval'"
+    Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload"
+    X-Frame-Options: deny
+
+- url: /newui/(.+)
+  static_files: elements/build/\1-build.html
+  upload: elements/build/([^/]+)-build.html
+  secure: always
+  http_headers:
+    # TODO(maruel): Unsure about polymer if it is inline-style free.
+    # TODO(maruel): Polymer abuses eval() and http://crbug.com/277857 gets in
+    # the way.
+    Content-Security-Policy: "default-src https: 'self' 'unsafe-inline' 'unsafe-eval'"
+    Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload"
+    X-Frame-Options: deny
+
 - url: .*
   script: main.app
   secure: always