You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/01/24 07:15:29 UTC

[GitHub] [airflow] potiuk commented on pull request #13870: Add authentication to experimental API endpoint.

potiuk commented on pull request #13870:
URL: https://github.com/apache/airflow/pull/13870#issuecomment-766304040


   > Hi @XD-DENG, sure, I agree with that. However, it still exists, and if anyone has it enabled, they would be vulnerable to a security issue, as I do not see any other authorization check on this endpoint. This would be unexpected by anyone who has authentication configured for the experimental API.
   > 
   > And, if anyone has set the `auth_backend` to `airflow.api.auth.backend.deny_all`, expecting it to disable the API, it would not apply to this endpoint.
   
   Yep. Agree - if that is a regression, we should fix it - while the stable API is deprecated, we still support it in 2.0 and regressions should be fixed.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org