You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/05/19 18:36:10 UTC
[GitHub] [airflow] zachliu opened a new issue #8915: CSRF configuration is missing the WTF_ prefix
zachliu opened a new issue #8915:
URL: https://github.com/apache/airflow/issues/8915
<!--
Welcome to Apache Airflow! For a smooth issue process, try to answer the following questions.
Don't worry if they're not all applicable; just try to include what you can :-)
If you need to include code snippets or logs, please put them in fenced code
blocks. If they're super-long, please use the details tag like
<details><summary>super-long log</summary> lots of stuff </details>
Please delete these comment blocks before submitting the issue.
-->
<!--
IMPORTANT!!!
PLEASE CHECK "SIMILAR TO X EXISTING ISSUES" OPTION IF VISIBLE
NEXT TO "SUBMIT NEW ISSUE" BUTTON!!!
PLEASE CHECK IF THIS ISSUE HAS BEEN REPORTED PREVIOUSLY USING SEARCH!!!
Please complete the next sections or the issue will be closed.
This questions are the first thing we need to know to understand the context.
-->
**Apache Airflow version**:
**Kubernetes version (if you are using kubernetes)** (use `kubectl version`):
**Environment**:
- **Cloud provider or hardware configuration**: AWS ECS
- **OS** (e.g. from /etc/os-release): `Ubuntu 18.04 bionic`
- **Kernel** (e.g. `uname -a`): `4.15.0-1065-aws`
- **Install tools**:
- **Others**:
**What happened**:
I have been trying to update a certain CSRF configuration (`WTF_CSRF_TIME_LIMIT`) because I've been annoyed by the `CSRF token has expired` error message whenever I stayed on a page for more than 1 hour and wanted to `refresh`.
<!-- (please include exact error messages if you can) -->
**What you expected to happen**:
In `webserver_config.py` there is a `CSRF_ENABLED = True`. So I added `CSRF_TIME_LIMIT = None` after that line. But it didn't work. After reading https://github.com/lepture/flask-wtf/blob/v0.14.2/flask_wtf/csrf.py, I realized that we needed `WTF_CSRF_TIME_LIMIT` in my `webserver_config.py`. The `WTF_` prefix cannot be omitted.
<!-- What do you think went wrong? -->
**How to reproduce it**:
<!---
As minimally and precisely as possible. Keep in mind we do not have access to your cluster or dags.
If you are using kubernetes, please attempt to recreate the issue using minikube or kind.
## Install minikube/kind
- Minikube https://minikube.sigs.k8s.io/docs/start/
- Kind https://kind.sigs.k8s.io/docs/user/quick-start/
If this is a UI bug, please provide a screenshot of the bug or a link to a youtube video of the bug in action
You can include images using the .md sytle of
To record a screencast, mac users can use QuickTime and then create an unlisted youtube video with the resulting .mov file.
--->
1. Add `CSRF_TIME_LIMIT = None` after `CSRF_ENABLED = True` in `webserver_config.py`.
2. Re-deploy.
3. Go to any DAG's tree view.
4. Stay there for more than 1 hour.
5. Click the `Refresh` button.
6. See the `CSRF token has expired` error message
**Anything else we need to know**:
<!--
How often does this problem occur? Once? Every time etc?
Any relevant logs to include? Put them here in side a detail tag:
<details><summary>x.log</summary> lots of stuff </details>
-->
I already forked Airflow. I guess I'll submit a simple PR to add the `WTF_` prefix
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] ashb closed issue #8915: CSRF configuration is missing the WTF_ prefix
Posted by GitBox <gi...@apache.org>.
ashb closed issue #8915:
URL: https://github.com/apache/airflow/issues/8915
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] ashb commented on issue #8915: CSRF configuration is missing the WTF_ prefix
Posted by GitBox <gi...@apache.org>.
ashb commented on issue #8915:
URL: https://github.com/apache/airflow/issues/8915#issuecomment-631965434
@zachliu Ahha gotcha, yes. PR to fix that for new installs (we can't do anything about existing/already generated webserver_config.py, but at least it would stop some people tearing their hair out.)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] zachliu commented on issue #8915: CSRF configuration is missing the WTF_ prefix
Posted by GitBox <gi...@apache.org>.
zachliu commented on issue #8915:
URL: https://github.com/apache/airflow/issues/8915#issuecomment-631777737
> I'm not quite sure what you are asking us to do here -- the `webserver_config.py` that airflow generates does not set a time limit, `CSRF_TIME_LIMIT` or `WTF_CSRF_TIME_LIMIT`.
>
> Once airflow has generated that file _you_ are in control of what you put in it -- it lives in your Airflow install, not the airflow code base.
>
> Unless I've misunderstood here, there's nothing for us to do, and you've already found the correct setting to set.
my bad, i should describe it more clearly
the `CSRF_ENABLED = True` in this file in airflow's code base
https://github.com/apache/airflow/blob/51d955787b009b9e3a88f3e9b4ca1a3933a061f0/airflow/config_templates/default_webserver_config.py#L37
should be
```
WTF_CSRF_ENABLED = True
```
without `WTF_` that line is useless
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] ashb commented on issue #8915: CSRF configuration is missing the WTF_ prefix
Posted by GitBox <gi...@apache.org>.
ashb commented on issue #8915:
URL: https://github.com/apache/airflow/issues/8915#issuecomment-631764412
I'm not quite sure what you are asking us to do here -- the `webserver_config.py` that airflow generates does not set a time limit, `CSRF_TIME_LIMIT` or `WTF_CSRF_TIME_LIMIT`.
Once airflow has generated that file _you_ are in control of what you put in it -- it lives in your Airflow install, not the airflow code base.
Unless I've misunderstood here, there's nothing for us to do, and you've already found the correct setting to set.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] zachliu commented on issue #8915: CSRF configuration is missing the WTF_ prefix
Posted by GitBox <gi...@apache.org>.
zachliu commented on issue #8915:
URL: https://github.com/apache/airflow/issues/8915#issuecomment-631014238
it's unrelated
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] ashb closed issue #8915: CSRF configuration is missing the WTF_ prefix
Posted by GitBox <gi...@apache.org>.
ashb closed issue #8915:
URL: https://github.com/apache/airflow/issues/8915
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] mik-laj commented on issue #8915: CSRF configuration is missing the WTF_ prefix
Posted by GitBox <gi...@apache.org>.
mik-laj commented on issue #8915:
URL: https://github.com/apache/airflow/issues/8915#issuecomment-631012876
https://github.com/apache/airflow/issues/8613
Is it related? Can you check it?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] boring-cyborg[bot] commented on issue #8915: CSRF configuration is missing the WTF_ prefix
Posted by GitBox <gi...@apache.org>.
boring-cyborg[bot] commented on issue #8915:
URL: https://github.com/apache/airflow/issues/8915#issuecomment-631004694
Thanks for opening your first issue here! Be sure to follow the issue template!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org