You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/04/13 02:10:32 UTC

[GitHub] [airflow] jhtimmins commented on a change in pull request #15295: Prevent creating flask sessions on REST API requests

jhtimmins commented on a change in pull request #15295:
URL: https://github.com/apache/airflow/pull/15295#discussion_r612078540



##########
File path: airflow/www/security.py
##########
@@ -170,7 +190,11 @@ def __init__(self, appbuilder):
             if not view or not getattr(view, 'datamodel', None):
                 continue
             view.datamodel = CustomSQLAInterface(view.datamodel.obj)
+        app = self.appbuilder.get_app
         self.perms = None
+        # Custom cookie session interface
+        # Override to implement your custom cookie session interface
+        app.session_interface = DefaultSessionInterface()

Review comment:
       The security manager is already in "god class" territory, so I think we should avoid moving anything else into it.
   
   If we really want users to be able to customize everything (which I don't necessarily think is the case), we can easily allow customization of the init functions in other ways.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org