You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by as...@apache.org on 2021/09/03 14:37:29 UTC

[airflow] branch main updated: Allow specifying multiple URLs via the CORS config option (#17941)

This is an automated email from the ASF dual-hosted git repository.

ash pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new a88115e  Allow specifying multiple URLs via the CORS config option (#17941)
a88115e is described below

commit a88115ea24a06f8706886a30e4f765aa4346ccc3
Author: GauthierSgds <89...@users.noreply.github.com>
AuthorDate: Fri Sep 3 16:37:11 2021 +0200

    Allow specifying multiple URLs via the CORS config option (#17941)
---
 airflow/config_templates/config.yml          | 5 +++--
 airflow/config_templates/default_airflow.cfg | 5 +++--
 airflow/configuration.py                     | 1 +
 airflow/www/extensions/init_views.py         | 9 ++++++---
 docs/apache-airflow/security/api.rst         | 4 ++--
 5 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/airflow/config_templates/config.yml b/airflow/config_templates/config.yml
index 9ae9b79..1b4223d 100644
--- a/airflow/config_templates/config.yml
+++ b/airflow/config_templates/config.yml
@@ -817,9 +817,10 @@
       version_added: ~
       example: ~
       default: ""
-    - name: access_control_allow_origin
+    - name: access_control_allow_origins
       description: |
-        Indicates whether the response can be shared with requesting code from the given origin.
+        Indicates whether the response can be shared with requesting code from the given origins.
+        Separate urls with space.
       type: string
       version_added: ~
       example: ~
diff --git a/airflow/config_templates/default_airflow.cfg b/airflow/config_templates/default_airflow.cfg
index 8a05b20..1e5aea0 100644
--- a/airflow/config_templates/default_airflow.cfg
+++ b/airflow/config_templates/default_airflow.cfg
@@ -445,8 +445,9 @@ access_control_allow_headers =
 # Specifies the method or methods allowed when accessing the resource.
 access_control_allow_methods =
 
-# Indicates whether the response can be shared with requesting code from the given origin.
-access_control_allow_origin =
+# Indicates whether the response can be shared with requesting code from the given origins.
+# Separate urls with space.
+access_control_allow_origins =
 
 [lineage]
 # what lineage backend to use
diff --git a/airflow/configuration.py b/airflow/configuration.py
index 8897545..770c71d 100644
--- a/airflow/configuration.py
+++ b/airflow/configuration.py
@@ -172,6 +172,7 @@ class AirflowConfigParser(ConfigParser):
         ('core', 'default_pool_task_slot_count'): ('core', 'non_pooled_task_slot_count', '1.10.4'),
         ('core', 'max_active_tasks_per_dag'): ('core', 'dag_concurrency', '2.2.0'),
         ('logging', 'worker_log_server_port'): ('celery', 'worker_log_server_port', '2.3.0'),
+        ('api', 'access_control_allow_origins'): ('api', 'access_control_allow_origin', '2.2.0'),
     }
 
     # A mapping of old default values that we want to change and warn the user
diff --git a/airflow/www/extensions/init_views.py b/airflow/www/extensions/init_views.py
index 664757c..24ce277 100644
--- a/airflow/www/extensions/init_views.py
+++ b/airflow/www/extensions/init_views.py
@@ -154,13 +154,16 @@ def set_cors_headers_on_response(response):
     """Add response headers"""
     allow_headers = conf.get('api', 'access_control_allow_headers')
     allow_methods = conf.get('api', 'access_control_allow_methods')
-    allow_origin = conf.get('api', 'access_control_allow_origin')
+    allow_origins = conf.get('api', 'access_control_allow_origins')
     if allow_headers is not None:
         response.headers['Access-Control-Allow-Headers'] = allow_headers
     if allow_methods is not None:
         response.headers['Access-Control-Allow-Methods'] = allow_methods
-    if allow_origin is not None:
-        response.headers['Access-Control-Allow-Origin'] = allow_origin
+    if allow_origins is not None:
+        allowed_origins = allow_origins.split(' ')
+        origin = request.environ.get('HTTP_ORIGIN', allowed_origins[0])
+        if origin in allowed_origins:
+            response.headers['Access-Control-Allow-Origin'] = origin
     return response
 
 
diff --git a/docs/apache-airflow/security/api.rst b/docs/apache-airflow/security/api.rst
index 70c2b8e..872553e 100644
--- a/docs/apache-airflow/security/api.rst
+++ b/docs/apache-airflow/security/api.rst
@@ -145,7 +145,7 @@ from scripts running in the browser.
 ``Access-Control-Allow-Headers``, ``Access-Control-Allow-Methods``, and
 ``Access-Control-Allow-Origin`` headers can be added by setting values for
 ``access_control_allow_headers``, ``access_control_allow_methods``, and
-``access_control_allow_origin`` options in the ``[api]`` section of the
+``access_control_allow_origins`` options in the ``[api]`` section of the
 ``airflow.cfg`` file.
 
 .. code-block:: ini
@@ -153,7 +153,7 @@ from scripts running in the browser.
     [api]
     access_control_allow_headers = origin, content-type, accept
     access_control_allow_methods = POST, GET, OPTIONS, DELETE
-    access_control_allow_origin = https://exampleclientapp.com
+    access_control_allow_origins = https://exampleclientapp1.com https://exampleclientapp2.com
 
 Page size limit
 ---------------