Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/04/12 08:45:19 UTC

[GitHub] [airflow] ashb commented on a change in pull request #15295: Prevent creating flask sessions on REST API requests

ashb commented on a change in pull request #15295:
URL: https://github.com/apache/airflow/pull/15295#discussion_r611438996



##########
File path: airflow/www/security.py
##########
@@ -44,6 +46,24 @@
 }
 
 
+class DefaultSessionInterface(SecureCookieSessionInterface):
+    """
+    Default cookie session interface.
+    This prevents creating flask sessions on REST API requests.
+    """
+
+    def save_session(self, *args, **kwargs):
+        """Prevent creating session from REST API requests."""
+        if g.get('login_from_api'):
+            return None
+        return super().save_session(*args, **kwargs)
+
+    @user_loaded_from_header.connect
+    def user_loaded_from_header(self, user=None):  # pylint: disable=unused-argument
+        """Set login_from_api in g"""
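
Review bot: The `@user_loaded_from_header.connect` decorator on the last method runs while the class body is being evaluated, so the signal is connected to the plain function rather than to a bound method. When the signal fires, the first positional argument is the signal's sender, not a `DefaultSessionInterface` instance, so naming it `self` is misleading. Reusing the signal's name for the method also shadows the signal inside the class namespace. Consider a module-level receiver (or a `@staticmethod`) with a distinct name and a `sender` parameter, and a docstring that says why the flag is needed: `save_session` reads `g.get('login_from_api')` to skip writing a session cookie for header-authenticated API requests.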

Review comment:
       This comment doesn't add any "value" -- we can see that it's doing this.
   
   Either don't have a docstring here, or say _why_ we are setting this.
   
   Additionally: why do we need this and the change in airflow/api_connexion/security.py?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org