You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/05/21 08:43:24 UTC

[GitHub] [airflow] ashb opened a new pull request #8944: Update example webserver_config.py to show correct CSRF config

ashb opened a new pull request #8944:
URL: https://github.com/apache/airflow/pull/8944


   CSRF_ENABLED does nothing.
   
   Thankfully, due to sensible defaults in flask-wtf, CSRF is on by
   default, but we should set this correctly.
   
   Fixes #8915
   
   
   ---
   Make sure to mark the boxes below before creating PR: [x]
   
   - [x] Description above provides context of the change
   - [x] Unit tests coverage for changes (not needed for documentation changes)
   - [x] Target Github ISSUE in description if exists
   - [x] Commits follow "[How to write a good git commit message](http://chris.beams.io/posts/git-commit/)"
   - [x] Relevant documentation is updated including usage instructions.
   - [x] I will engage committers as explained in [Contribution Workflow Example](https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#contribution-workflow-example).
   
   ---
   In case of fundamental code change, Airflow Improvement Proposal ([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvements+Proposals)) is needed.
   In case of a new dependency, check compliance with the [ASF 3rd Party License Policy](https://www.apache.org/legal/resolved.html#category-x).
   In case of backwards incompatible changes please leave a note in [UPDATING.md](https://github.com/apache/airflow/blob/master/UPDATING.md).
   Read the [Pull Request Guidelines](https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#pull-request-guidelines) for more information.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] zachliu commented on a change in pull request #8944: Update example webserver_config.py to show correct CSRF config

Posted by GitBox <gi...@apache.org>.

zachliu commented on a change in pull request #8944:
URL: https://github.com/apache/airflow/pull/8944#discussion_r428683403



##########
File path: airflow/config_templates/default_webserver_config.py
##########
@@ -34,7 +34,7 @@
 SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN')
 
 # Flask-WTF flag for CSRF
-CSRF_ENABLED = True
+WTF_CSRF_ENABLED = True

Review comment:
       :+1: :+1: :+1: 




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] ashb merged pull request #8944: Update example webserver_config.py to show correct CSRF config

Posted by GitBox <gi...@apache.org>.

ashb merged pull request #8944:
URL: https://github.com/apache/airflow/pull/8944


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] ashb commented on a change in pull request #8944: Update example webserver_config.py to show correct CSRF config

Posted by GitBox <gi...@apache.org>.

ashb commented on a change in pull request #8944:
URL: https://github.com/apache/airflow/pull/8944#discussion_r428525338



##########
File path: airflow/config_templates/default_webserver_config.py
##########
@@ -34,7 +34,7 @@
 SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN')
 
 # Flask-WTF flag for CSRF
-CSRF_ENABLED = True
+WTF_CSRF_ENABLED = True

Review comment:
       https://github.com/lepture/flask-wtf/blob/v0.14.2/flask_wtf/csrf.py#L176-L189 is what reads this. I have confirmed that setting `CSRF_ENABLE=False` does nothing, but setting `WTF_CSRF_ENABLED = False` does correctly disable the requirement for CSRF.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org