You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by as...@apache.org on 2021/09/03 14:37:29 UTC
[airflow] branch main updated: Allow specifying multiple URLs via
the CORS config option (#17941)
This is an automated email from the ASF dual-hosted git repository.
ash pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new a88115e Allow specifying multiple URLs via the CORS config option (#17941)
a88115e is described below
commit a88115ea24a06f8706886a30e4f765aa4346ccc3
Author: GauthierSgds <89...@users.noreply.github.com>
AuthorDate: Fri Sep 3 16:37:11 2021 +0200
Allow specifying multiple URLs via the CORS config option (#17941)
---
airflow/config_templates/config.yml | 5 +++--
airflow/config_templates/default_airflow.cfg | 5 +++--
airflow/configuration.py | 1 +
airflow/www/extensions/init_views.py | 9 ++++++---
docs/apache-airflow/security/api.rst | 4 ++--
5 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/airflow/config_templates/config.yml b/airflow/config_templates/config.yml
index 9ae9b79..1b4223d 100644
--- a/airflow/config_templates/config.yml
+++ b/airflow/config_templates/config.yml
@@ -817,9 +817,10 @@
version_added: ~
example: ~
default: ""
- - name: access_control_allow_origin
+ - name: access_control_allow_origins
description: |
- Indicates whether the response can be shared with requesting code from the given origin.
+ Indicates whether the response can be shared with requesting code from the given origins.
+ Separate urls with space.
type: string
version_added: ~
example: ~
diff --git a/airflow/config_templates/default_airflow.cfg b/airflow/config_templates/default_airflow.cfg
index 8a05b20..1e5aea0 100644
--- a/airflow/config_templates/default_airflow.cfg
+++ b/airflow/config_templates/default_airflow.cfg
@@ -445,8 +445,9 @@ access_control_allow_headers =
# Specifies the method or methods allowed when accessing the resource.
access_control_allow_methods =
-# Indicates whether the response can be shared with requesting code from the given origin.
-access_control_allow_origin =
+# Indicates whether the response can be shared with requesting code from the given origins.
+# Separate urls with space.
+access_control_allow_origins =
[lineage]
# what lineage backend to use
diff --git a/airflow/configuration.py b/airflow/configuration.py
index 8897545..770c71d 100644
--- a/airflow/configuration.py
+++ b/airflow/configuration.py
@@ -172,6 +172,7 @@ class AirflowConfigParser(ConfigParser):
('core', 'default_pool_task_slot_count'): ('core', 'non_pooled_task_slot_count', '1.10.4'),
('core', 'max_active_tasks_per_dag'): ('core', 'dag_concurrency', '2.2.0'),
('logging', 'worker_log_server_port'): ('celery', 'worker_log_server_port', '2.3.0'),
+ ('api', 'access_control_allow_origins'): ('api', 'access_control_allow_origin', '2.2.0'),
}
# A mapping of old default values that we want to change and warn the user
diff --git a/airflow/www/extensions/init_views.py b/airflow/www/extensions/init_views.py
index 664757c..24ce277 100644
--- a/airflow/www/extensions/init_views.py
+++ b/airflow/www/extensions/init_views.py
@@ -154,13 +154,16 @@ def set_cors_headers_on_response(response):
"""Add response headers"""
allow_headers = conf.get('api', 'access_control_allow_headers')
allow_methods = conf.get('api', 'access_control_allow_methods')
- allow_origin = conf.get('api', 'access_control_allow_origin')
+ allow_origins = conf.get('api', 'access_control_allow_origins')
if allow_headers is not None:
response.headers['Access-Control-Allow-Headers'] = allow_headers
if allow_methods is not None:
response.headers['Access-Control-Allow-Methods'] = allow_methods
- if allow_origin is not None:
- response.headers['Access-Control-Allow-Origin'] = allow_origin
+ if allow_origins is not None:
+ allowed_origins = allow_origins.split(' ')
+ origin = request.environ.get('HTTP_ORIGIN', allowed_origins[0])
+ if origin in allowed_origins:
+ response.headers['Access-Control-Allow-Origin'] = origin
return response
diff --git a/docs/apache-airflow/security/api.rst b/docs/apache-airflow/security/api.rst
index 70c2b8e..872553e 100644
--- a/docs/apache-airflow/security/api.rst
+++ b/docs/apache-airflow/security/api.rst
@@ -145,7 +145,7 @@ from scripts running in the browser.
``Access-Control-Allow-Headers``, ``Access-Control-Allow-Methods``, and
``Access-Control-Allow-Origin`` headers can be added by setting values for
``access_control_allow_headers``, ``access_control_allow_methods``, and
-``access_control_allow_origin`` options in the ``[api]`` section of the
+``access_control_allow_origins`` options in the ``[api]`` section of the
``airflow.cfg`` file.
.. code-block:: ini
@@ -153,7 +153,7 @@ from scripts running in the browser.
[api]
access_control_allow_headers = origin, content-type, accept
access_control_allow_methods = POST, GET, OPTIONS, DELETE
- access_control_allow_origin = https://exampleclientapp.com
+ access_control_allow_origins = https://exampleclientapp1.com https://exampleclientapp2.com
Page size limit
---------------