You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by po...@apache.org on 2022/01/22 23:10:34 UTC
[airflow] branch main updated: Set X-Frame-Options header to DENY only if X_FRAME_ENABLED is set to true. (#19491)
This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 084079f Set X-Frame-Options header to DENY only if X_FRAME_ENABLED is set to true. (#19491)
084079f is described below
commit 084079f446570ba43114857ea1a54df896201419
Author: Kanthi <su...@gmail.com>
AuthorDate: Sat Jan 22 18:09:51 2022 -0500
Set X-Frame-Options header to DENY only if X_FRAME_ENABLED is set to true. (#19491)
---
airflow/www/extensions/init_security.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/airflow/www/extensions/init_security.py b/airflow/www/extensions/init_security.py
index 544deeb..2481a96 100644
--- a/airflow/www/extensions/init_security.py
+++ b/airflow/www/extensions/init_security.py
@@ -35,7 +35,8 @@ def init_xframe_protection(app):
return
def apply_caching(response):
- response.headers["X-Frame-Options"] = "DENY"
+ if not x_frame_enabled:
+ response.headers["X-Frame-Options"] = "DENY"
return response
app.after_request(apply_caching)