Update example webserver_config.py to show correct CSRF config #8944

Merged
merged 1 commit into from
May 21, 2020

Member

@ashb ashb commented May 21, 2020

CSRF_ENABLED does nothing.

Thankfully, due to sensible defaults in flask-wtf, CSRF is on by
default, but we should set this correctly.

Fixes #8915


Make sure to mark the boxes below before creating PR: [x]

  • Description above provides context of the change
  • Unit tests coverage for changes (not needed for documentation changes)
  • Target Github ISSUE in description if exists
  • Commits follow "How to write a good git commit message"
  • Relevant documentation is updated including usage instructions.
  • I will engage committers as explained in Contribution Workflow Example.

In case of fundamental code change, Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in UPDATING.md.
Read the Pull Request Guidelines for more information.

CSRF_ENABLED does nothing.

Thankfully, due to sensible defaults in flask-wtf, CSRF is on by
default, but we should set this correctly.

Fixes apache#8915
@@ -34,7 +34,7 @@
SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN')

# Flask-WTF flag for CSRF
CSRF_ENABLED = True
WTF_CSRF_ENABLED = True
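Review bot: The comment `# Flask-WTF flag for CSRF` above `WTF_CSRF_ENABLED = True` gives no hint that the `WTF_` prefix is what makes the setting take effect, so an unprefixed `CSRF_ENABLED` could be reintroduced, or left beside it, without anyone noticing. Consider extending the comment to say that Flask-WTF only reads the `WTF_`-prefixed key, and mentioning in the release notes that a `CSRF_ENABLED` line copied from the earlier example has no effect.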
Member Author

https://github.com/lepture/flask-wtf/blob/v0.14.2/flask_wtf/csrf.py#L176-L189 is what reads this. I have confirmed that setting CSRF_ENABLE=False does nothing, but setting WTF_CSRF_ENABLED = False does correctly disable the requirement for CSRF.

Contributor

👍 👍 👍
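A static check for the key mix-up discussed in this thread, added here as an example (it is not code from Airflow or Flask-WTF): it parses the text of a `webserver_config.py`, flags the unprefixed key, and reports whether `WTF_CSRF_ENABLED` leaves CSRF checks on. The function name, messages and sample configs are constructed for illustration, and treating any falsy literal as "off" is an assumption.

```python
import ast

EFFECTIVE_KEY = "WTF_CSRF_ENABLED"   # the key the PR says Flask-WTF reads
INERT_KEYS = {"CSRF_ENABLED"}        # the key the PR says does nothing


def audit_csrf_config(source):
    """Return (protected, findings) for the text of a webserver_config.py.

    protected is True/False, or None when the value is not a literal.
    With no WTF_CSRF_ENABLED assignment, the on-by-default behaviour
    described in the PR applies, so protected stays True.
    """
    protected = True
    findings = []
    for node in ast.parse(source).body:      # top-level statements, in order
        if not isinstance(node, ast.Assign):
            continue
        for name in (t.id for t in node.targets if isinstance(t, ast.Name)):
            if name in INERT_KEYS:
                findings.append(
                    (node.lineno, f"{name} is ignored; set {EFFECTIVE_KEY}"))
            elif name == EFFECTIVE_KEY:
                try:
                    # Assumption: any falsy literal switches the check off.
                    protected = bool(ast.literal_eval(node.value))
                except (ValueError, TypeError):
                    protected = None         # e.g. a conf.get...() call
                    findings.append(
                        (node.lineno, f"{EFFECTIVE_KEY} is not a literal; check by hand"))
                    continue
                if not protected:
                    findings.append(
                        (node.lineno, f"{EFFECTIVE_KEY} is falsy: CSRF checks are off"))
    return protected, findings


# Constructed samples, modelled on the two settings in the diff above.
OLD_EXAMPLE = "# Flask-WTF flag for CSRF\nCSRF_ENABLED = True\n"
MISLEADING = "CSRF_ENABLED = False\n"        # operator believes CSRF is off
DISABLED = "WTF_CSRF_ENABLED = False\n"
DYNAMIC = "WTF_CSRF_ENABLED = conf.getboolean('webserver', 'csrf')\n"

if __name__ == "__main__":
    for label, text in [("old example", OLD_EXAMPLE), ("misleading", MISLEADING),
                        ("disabled", DISABLED), ("dynamic", DYNAMIC)]:
        print(label, audit_csrf_config(text))
```

The `MISLEADING` sample is the case worth catching in review: the file reads as if CSRF were disabled, while the effective setting is still on.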

@ashb ashb added the area:webserver Webserver related Issues label May 21, 2020
@ashb ashb requested a review from mik-laj May 21, 2020 08:48
@ashb ashb merged commit 16206cd into apache:master May 21, 2020
@ashb ashb deleted the udpate-webserver-csrf-config branch May 21, 2020 11:12
@ashb ashb added this to the Airflow 1.10.11 milestone May 21, 2020
Contributor

@zachliu zachliu left a comment

Thank you!!!

kaxil pushed a commit that referenced this pull request Jun 22, 2020
(cherry picked from commit 16206cd)
potiuk pushed a commit that referenced this pull request Jun 29, 2020
(cherry picked from commit 16206cd)
@kaxil kaxil added the type:improvement Changelog: Improvements label Jul 1, 2020
kaxil pushed a commit that referenced this pull request Jul 1, 2020
(cherry picked from commit 16206cd)
cfei18 pushed a commit to cfei18/incubator-airflow that referenced this pull request Mar 5, 2021
…e#8944)

(cherry picked from commit 16206cd)
Successfully merging this pull request may close these issues.

CSRF configuration is missing the WTF_ prefix