You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by "Andrea Bonomi (JIRA)" <ji...@apache.org> on 2019/04/01 08:50:01 UTC
[jira] [Created] (AIRFLOW-4212) @csrf.exempt decorator is ignored
with AppBuilder gui
Andrea Bonomi created AIRFLOW-4212:
--------------------------------------
Summary: @csrf.exempt decorator is ignored with AppBuilder gui
Key: AIRFLOW-4212
URL: https://issues.apache.org/jira/browse/AIRFLOW-4212
Project: Apache Airflow
Issue Type: Bug
Components: api
Affects Versions: 1.10.2
Reporter: Andrea Bonomi
Attachments: airflow_plugin_test.py
The AppBuilder gui ignores the @csrf.exempt decorator.
Flask Admin example
{code:java}
class AdminTestView(flask_admin.BaseView):
@csrf.exempt # exempt the CSRF token
@flask_admin.expose('/test', methods=[ 'POST' ])
def test(self):
return 'test'
{code}
You can POST to the test without errors.
AppBuilder
{code:java}
class AppBuilderTestView(flask_appbuilder.BaseView):
@csrf.exempt # exempt the CSRF token
@flask_appbuilder.expose('/test', methods=[ 'POST' ])
def test(self):
return 'test'{code}
You received the "The CSRF token is missing." error.
My ugly workaround is the following
{code:java}
try:
from airflow.www_rbac.app import csrf as rbac_csrf
if rbac_csrf is not None:
appbuilder_test_location = '%s.%s' % (appbuilder_test_view.__module__, 'test')
rbac_csrf.exempt(appbuilder_test_location)
except:
pass
{code}
(e.g. [https://github.com/andreax79/airflow-gitlab-webhook/blob/master/airflow_gitlab_webhook/airflow_gitlab_webhook.py] )
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)