You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by po...@apache.org on 2020/08/29 17:28:16 UTC
[airflow] branch master updated: Exclude CSRF tokens in Log's
attribute "extra" in database (#10640)
This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/master by this push:
new 7431867 Exclude CSRF tokens in Log's attribute "extra" in database (#10640)
7431867 is described below
commit 7431867ac0525434e3c537e9514a33b4fa00a6be
Author: Xiaodong DENG <xd...@hotmail.com>
AuthorDate: Sat Aug 29 19:27:28 2020 +0200
Exclude CSRF tokens in Log's attribute "extra" in database (#10640)
---
airflow/www/decorators.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/airflow/www/decorators.py b/airflow/www/decorators.py
index d236df1..d73967a 100644
--- a/airflow/www/decorators.py
+++ b/airflow/www/decorators.py
@@ -43,11 +43,12 @@ def action_logging(f: T) -> T:
else:
user = g.user.username
+ fields_skip_logging = {'csrf_token', '_csrf_token'}
log = Log(
event=f.__name__,
task_instance=None,
owner=user,
- extra=str(list(request.values.items())),
+ extra=str([(k, v) for k, v in request.values.items() if k not in fields_skip_logging]),
task_id=request.values.get('task_id'),
dag_id=request.values.get('dag_id'))