You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by bo...@apache.org on 2017/09/11 11:12:26 UTC
incubator-airflow git commit: [AIRFLOW-1584] Remove insecure /headers
endpoint
Repository: incubator-airflow
Updated Branches:
refs/heads/master e83012589 -> 17ac070b2
[AIRFLOW-1584] Remove insecure /headers endpoint
Closes #2588 from aoen/ddavydov--
remove_headers_endpoint
Project: http://git-wip-us.apache.org/repos/asf/incubator-airflow/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-airflow/commit/17ac070b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-airflow/tree/17ac070b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-airflow/diff/17ac070b
Branch: refs/heads/master
Commit: 17ac070b29bbf6ef80f3d7382d524d694464f498
Parents: e830125
Author: Dan Davydov <da...@airbnb.com>
Authored: Mon Sep 11 13:12:20 2017 +0200
Committer: Bolke de Bruin <bo...@xs4all.nl>
Committed: Mon Sep 11 13:12:20 2017 +0200
----------------------------------------------------------------------
airflow/www/views.py | 14 --------------
tests/core.py | 4 ----
2 files changed, 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/17ac070b/airflow/www/views.py
----------------------------------------------------------------------
diff --git a/airflow/www/views.py b/airflow/www/views.py
index 80b9dd3..655d95a 100644
--- a/airflow/www/views.py
+++ b/airflow/www/views.py
@@ -629,20 +629,6 @@ class Airflow(BaseView):
def noaccess(self):
return self.render('airflow/noaccess.html')
- @expose('/headers')
- def headers(self):
- d = {
- 'headers': {k: v for k, v in request.headers},
- }
- if hasattr(current_user, 'is_superuser'):
- d['is_superuser'] = current_user.is_superuser()
- d['data_profiling'] = current_user.data_profiling()
- d['is_anonymous'] = current_user.is_anonymous()
- d['is_authenticated'] = current_user.is_authenticated()
- if hasattr(current_user, 'username'):
- d['username'] = current_user.username
- return wwwutils.json_response(d)
-
@expose('/pickle_info')
@login_required
def pickle_info(self):
http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/17ac070b/tests/core.py
----------------------------------------------------------------------
diff --git a/tests/core.py b/tests/core.py
index e1a4664..8eeec82 100644
--- a/tests/core.py
+++ b/tests/core.py
@@ -1686,10 +1686,6 @@ class WebUiTests(unittest.TestCase):
response = self.app.get('/health')
self.assertIn('The server is healthy!', response.data.decode('utf-8'))
- def test_headers(self):
- response = self.app.get('/admin/airflow/headers')
- self.assertIn('"headers":', response.data.decode('utf-8'))
-
def test_noaccess(self):
response = self.app.get('/admin/airflow/noaccess')
self.assertIn("You don't seem to have access.", response.data.decode('utf-8'))