You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/06/19 15:22:23 UTC

[GitHub] [airflow] turbaszek commented on a change in pull request #9402: Restore airflow.www.app.csrf to avoid breaking change

turbaszek commented on a change in pull request #9402:
URL: https://github.com/apache/airflow/pull/9402#discussion_r442902242



##########
File path: docs/plugins.rst
##########
@@ -253,6 +253,20 @@ Airflow 1.10 introduced role based views using FlaskAppBuilder. You can configur
 ``rbac = True``. To support plugin views and links for both versions of the UI and maintain backwards compatibility,
 the fields ``appbuilder_views`` and ``appbuilder_menu_items`` were added to the ``AirflowTestPlugin`` class.
 
+Exclude views from CSRF protection
+----------------------------------
+
+We strongly suggest that you protect all your views with CSRF. But if needed, you can exclude

Review comment:
       ```suggestion
   We strongly suggest that you should protect all your views with CSRF. But if needed, you can exclude
   ```




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org