You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/11/08 20:48:36 UTC

[GitHub] [airflow] SamWheating commented on a change in pull request #18557: Warning of public exposure of deployment in UI with on/off config

SamWheating commented on a change in pull request #18557:
URL: https://github.com/apache/airflow/pull/18557#discussion_r745081269



##########
File path: airflow/www/views.py
##########
@@ -702,6 +702,22 @@ def _iter_parsed_moved_data_table_names():
                 # Second segment is a version marker that we don't need to show.
                 yield segments[2], table_name
 
+        warn_deployment_query = session.query(Log).filter(Log.event == "robots").count()

Review comment:
       Should this be limited to the last week or something? The warning message explicitly states that `Recent requests have been made to /robots.txt` but this could be triggered by very old requests. 
   
   There's also no way to clear this entry without deleting the log event so it might persist for a long time, even if the vulnerability is fixed. 




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org