You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "Andrea Bonomi (JIRA)" <ji...@apache.org> on 2019/04/01 08:50:01 UTC

[jira] [Created] (AIRFLOW-4212) @csrf.exempt decorator is ignored with AppBuilder gui

Andrea Bonomi created AIRFLOW-4212:
--------------------------------------

             Summary: @csrf.exempt decorator is ignored with AppBuilder gui
                 Key: AIRFLOW-4212
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-4212
             Project: Apache Airflow
          Issue Type: Bug
          Components: api
    Affects Versions: 1.10.2
            Reporter: Andrea Bonomi
         Attachments: airflow_plugin_test.py

The AppBuilder gui ignores the @csrf.exempt decorator.

Flask Admin example
{code:java}
class AdminTestView(flask_admin.BaseView):

    @csrf.exempt # exempt the CSRF token
    @flask_admin.expose('/test', methods=[ 'POST' ])
    def test(self):
        return 'test'
{code}
You can POST to the test without errors.

AppBuilder
{code:java}
class AppBuilderTestView(flask_appbuilder.BaseView):

    @csrf.exempt # exempt the CSRF token
    @flask_appbuilder.expose('/test', methods=[ 'POST' ])
    def test(self):
        return 'test'{code}
You received the "The CSRF token is missing." error.

My ugly workaround is the following
{code:java}
try:
    from airflow.www_rbac.app import csrf as rbac_csrf
    if rbac_csrf is not None:
        appbuilder_test_location = '%s.%s' % (appbuilder_test_view.__module__, 'test')
        rbac_csrf.exempt(appbuilder_test_location)
except:
    pass
{code}
(e.g. [https://github.com/andreax79/airflow-gitlab-webhook/blob/master/airflow_gitlab_webhook/airflow_gitlab_webhook.py] )

 

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)