Posted to commits@airflow.apache.org by bo...@apache.org on 2017/09/11 11:12:26 UTC

incubator-airflow git commit: [AIRFLOW-1584] Remove insecure /headers endpoint

Repository: incubator-airflow
Updated Branches:
  refs/heads/master e83012589 -> 17ac070b2


[AIRFLOW-1584] Remove insecure /headers endpoint

Closes #2588 from aoen/ddavydov--remove_headers_endpoint


Project: http://git-wip-us.apache.org/repos/asf/incubator-airflow/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-airflow/commit/17ac070b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-airflow/tree/17ac070b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-airflow/diff/17ac070b

Branch: refs/heads/master
Commit: 17ac070b29bbf6ef80f3d7382d524d694464f498
Parents: e830125
Author: Dan Davydov <da...@airbnb.com>
Authored: Mon Sep 11 13:12:20 2017 +0200
Committer: Bolke de Bruin <bo...@xs4all.nl>
Committed: Mon Sep 11 13:12:20 2017 +0200

----------------------------------------------------------------------
 airflow/www/views.py | 14 --------------
 tests/core.py        |  4 ----
 2 files changed, 18 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/17ac070b/airflow/www/views.py
----------------------------------------------------------------------
diff --git a/airflow/www/views.py b/airflow/www/views.py
index 80b9dd3..655d95a 100644
--- a/airflow/www/views.py
+++ b/airflow/www/views.py
@@ -629,20 +629,6 @@ class Airflow(BaseView):
     def noaccess(self):
         return self.render('airflow/noaccess.html')
 
-    @expose('/headers')
-    def headers(self):
-        d = {
-            'headers': {k: v for k, v in request.headers},
-        }
-        if hasattr(current_user, 'is_superuser'):
-            d['is_superuser'] = current_user.is_superuser()
-            d['data_profiling'] = current_user.data_profiling()
-            d['is_anonymous'] = current_user.is_anonymous()
-            d['is_authenticated'] = current_user.is_authenticated()
-        if hasattr(current_user, 'username'):
-            d['username'] = current_user.username
-        return wwwutils.json_response(d)
-
     @expose('/pickle_info')
     @login_required
     def pickle_info(self):

http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/17ac070b/tests/core.py
----------------------------------------------------------------------
diff --git a/tests/core.py b/tests/core.py
index e1a4664..8eeec82 100644
--- a/tests/core.py
+++ b/tests/core.py
@@ -1686,10 +1686,6 @@ class WebUiTests(unittest.TestCase):
         response = self.app.get('/health')
         self.assertIn('The server is healthy!', response.data.decode('utf-8'))
 
-    def test_headers(self):
-        response = self.app.get('/admin/airflow/headers')
-        self.assertIn('"headers":', response.data.decode('utf-8'))
-
     def test_noaccess(self):
         response = self.app.get('/admin/airflow/noaccess')
         self.assertIn("You don't seem to have access.", response.data.decode('utf-8'))