-
Notifications
You must be signed in to change notification settings - Fork 14.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSRF configuration is missing the WTF_ prefix #8915
Comments
Thanks for opening your first issue here! Be sure to follow the issue template! |
#8613 |
it's unrelated |
I'm not quite sure what you are asking us to do here -- the Once airflow has generated that file you are in control of what you put in it -- it lives in your Airflow install, not the airflow code base. Unless I've misunderstood here, there's nothing for us to do, and you've already found the correct setting to set. |
my bad, i should describe it more clearly
should be
without |
CSRF_ENABLED does nothing. Thankfully, due to sensible defaults in flask-wtf, CSRF is on by default, but we should set this correctly. Fixes apache#8915
@zachliu Ahha gotcha, yes. PR to fix that for new installs (we can't do anything about existing/already generated webserver_config.py, but at least it would stop some people tearing their hair out.) |
CSRF_ENABLED does nothing. Thankfully, due to sensible defaults in flask-wtf, CSRF is on by default, but we should set this correctly. Fixes #8915
…e#8944) CSRF_ENABLED does nothing. Thankfully, due to sensible defaults in flask-wtf, CSRF is on by default, but we should set this correctly. Fixes apache#8915 (cherry picked from commit 16206cd)
Apache Airflow version:
Kubernetes version (if you are using kubernetes) (use
kubectl version
):Environment:
Ubuntu 18.04 bionic
uname -a
):4.15.0-1065-aws
What happened:
I have been trying to update a certain CSRF configuration (
WTF_CSRF_TIME_LIMIT
) because I've been annoyed by theCSRF token has expired
error message whenever I stayed on a page for more than 1 hour and wanted torefresh
.What you expected to happen:
In
webserver_config.py
there is aCSRF_ENABLED = True
. So I addedCSRF_TIME_LIMIT = None
after that line. But it didn't work. After reading https://github.com/lepture/flask-wtf/blob/v0.14.2/flask_wtf/csrf.py, I realized that we neededWTF_CSRF_TIME_LIMIT
in mywebserver_config.py
. TheWTF_
prefix cannot be omitted.How to reproduce it:
CSRF_TIME_LIMIT = None
afterCSRF_ENABLED = True
inwebserver_config.py
.Refresh
button.CSRF token has expired
error messageAnything else we need to know:
I already forked Airflow. I guess I'll submit a simple PR to add the
WTF_
prefixThe text was updated successfully, but these errors were encountered: