Posted to commits@airflow.apache.org by "Xiaodong DENG (JIRA)" <ji...@apache.org> on 2018/08/15 05:17:00 UTC

[jira] [Closed] (AIRFLOW-2886) Secure Flask SECRET_KEY

     [ https://issues.apache.org/jira/browse/AIRFLOW-2886?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Xiaodong DENG closed AIRFLOW-2886.
----------------------------------
    Resolution: Fixed

Fixed with commit https://github.com/apache/incubator-airflow/commit/f7602f8266559e55bc602a9639e3e1ab640f30e8

> Secure Flask SECRET_KEY
> -----------------------
>
>                 Key: AIRFLOW-2886
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-2886
>             Project: Apache Airflow
>          Issue Type: Bug
>            Reporter: Xiaodong DENG
>            Assignee: Xiaodong DENG
>            Priority: Critical
>
> In my earlier PRs, [https://github.com/apache/incubator-airflow/pull/3651] and [https://github.com/apache/incubator-airflow/pull/3729], I proposed to generate a random SECRET_KEY for the Flask App.
> If we have multiple workers for the Flask webserver, we may encounter the CSRF error {{The CSRF session token is missing}}.
> On the other hand, it's still very important to have as random a SECRET_KEY as possible for security reasons. We can deal with it like how we dealt with FERNET_KEY (i.e. generate a random value when the airflow.cfg file is initiated).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
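
The failure mode and the fix described in the issue, as an added example that is not part of the original message or of Airflow's code. It is a standard-library model in which an HMAC-signed cookie stands in for Flask's session signing; the `Worker` class, the helper names and the `cfg` dict are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, os

def sign(secret_key, session):
    """Serialize a session dict and append an HMAC-SHA256 tag over it."""
    payload = base64.urlsafe_b64encode(json.dumps(session).encode()).decode()
    mac = hmac.new(secret_key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{mac}"

def load(secret_key, cookie):
    """Return the session dict, or an empty session if the tag does not verify."""
    payload, _, mac = cookie.rpartition(".")
    expected = hmac.new(secret_key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return {}
    return json.loads(base64.urlsafe_b64decode(payload))

class Worker:
    """One webserver worker process holding its own copy of SECRET_KEY (hypothetical)."""
    def __init__(self, secret_key):
        self.secret_key = secret_key

    def render_form(self):
        """GET: put a CSRF token in the form and in the signed session cookie."""
        token = os.urandom(16).hex()
        return sign(self.secret_key, {"csrf_token": token}), token

    def handle_post(self, cookie, form_token):
        """POST: the form token must match the one in a cookie this worker can verify."""
        session = load(self.secret_key, cookie)
        if "csrf_token" not in session:
            return "The CSRF session token is missing"
        if not hmac.compare_digest(session["csrf_token"], form_token):
            return "token mismatch"
        return "ok"

def round_trip(key_a, key_b):
    """The form is served by a worker using key_a, the POST by one using key_b."""
    cookie, token = Worker(key_a).render_form()
    return Worker(key_b).handle_post(cookie, token)

def per_worker_keys():
    # Each worker draws its own random key at startup: cookies do not cross workers.
    return round_trip(os.urandom(16), os.urandom(16))

def key_from_config():
    # Key drawn once when the config is created, then read by every worker.
    cfg = {"secret_key": base64.b64encode(os.urandom(16)).decode()}  # constructed stand-in for airflow.cfg
    key = cfg["secret_key"].encode()
    return round_trip(key, key)
```
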