You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by ep...@apache.org on 2023/02/15 08:36:52 UTC

[airflow] branch main updated: Change expose_hostname default to false (#29547)

This is an automated email from the ASF dual-hosted git repository.

ephraimanierobi pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new f0d90497da Change expose_hostname default to false (#29547)
f0d90497da is described below

commit f0d90497da83a7518a6c6fc365ea992e9e699bfd
Author: Jed Cunningham <66...@users.noreply.github.com>
AuthorDate: Wed Feb 15 02:36:20 2023 -0600

    Change expose_hostname default to false (#29547)
---
 airflow/config_templates/config.yml          |  2 +-
 airflow/config_templates/default_airflow.cfg |  2 +-
 airflow/www/auth.py                          |  2 +-
 airflow/www/extensions/init_jinja_globals.py |  2 +-
 airflow/www/views.py                         | 12 ++++--------
 newsfragments/29547.significant.rst          |  3 +++
 6 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/airflow/config_templates/config.yml b/airflow/config_templates/config.yml
index 70013d1347..eed20e351c 100644
--- a/airflow/config_templates/config.yml
+++ b/airflow/config_templates/config.yml
@@ -1340,7 +1340,7 @@ webserver:
       version_added: 1.10.8
       type: string
       example: ~
-      default: "True"
+      default: "False"
     expose_stacktrace:
       description: |
         Expose stacktrace in the web server
diff --git a/airflow/config_templates/default_airflow.cfg b/airflow/config_templates/default_airflow.cfg
index 15fd6bb6f4..a4b03c8764 100644
--- a/airflow/config_templates/default_airflow.cfg
+++ b/airflow/config_templates/default_airflow.cfg
@@ -701,7 +701,7 @@ access_logformat =
 expose_config = False
 
 # Expose hostname in the web server
-expose_hostname = True
+expose_hostname = False
 
 # Expose stacktrace in the web server
 expose_stacktrace = False
diff --git a/airflow/www/auth.py b/airflow/www/auth.py
index d332620e6b..8fdafa1f63 100644
--- a/airflow/www/auth.py
+++ b/airflow/www/auth.py
@@ -50,7 +50,7 @@ def has_access(permissions: Sequence[tuple[str, str]] | None = None) -> Callable
                     render_template(
                         "airflow/no_roles_permissions.html",
                         hostname=get_hostname()
-                        if conf.getboolean("webserver", "EXPOSE_HOSTNAME", fallback=True)
+                        if conf.getboolean("webserver", "EXPOSE_HOSTNAME")
                         else "redact",
                         logout_url=appbuilder.get_url_for_logout,
                     ),
diff --git a/airflow/www/extensions/init_jinja_globals.py b/airflow/www/extensions/init_jinja_globals.py
index 34d783018d..1cbb0a1273 100644
--- a/airflow/www/extensions/init_jinja_globals.py
+++ b/airflow/www/extensions/init_jinja_globals.py
@@ -43,7 +43,7 @@ def init_jinja_globals(app):
     if not default_ui_timezone:
         default_ui_timezone = server_timezone
 
-    expose_hostname = conf.getboolean("webserver", "EXPOSE_HOSTNAME", fallback=True)
+    expose_hostname = conf.getboolean("webserver", "EXPOSE_HOSTNAME")
     hostname = get_hostname() if expose_hostname else "redact"
 
     try:
diff --git a/airflow/www/views.py b/airflow/www/views.py
index a1c8b2cb03..b4f54cd504 100644
--- a/airflow/www/views.py
+++ b/airflow/www/views.py
@@ -566,9 +566,7 @@ def not_found(error):
     return (
         render_template(
             "airflow/error.html",
-            hostname=get_hostname()
-            if conf.getboolean("webserver", "EXPOSE_HOSTNAME", fallback=True)
-            else "redact",
+            hostname=get_hostname() if conf.getboolean("webserver", "EXPOSE_HOSTNAME") else "redact",
             status_code=404,
             error_message="Page cannot be found.",
         ),
@@ -581,9 +579,7 @@ def method_not_allowed(error):
     return (
         render_template(
             "airflow/error.html",
-            hostname=get_hostname()
-            if conf.getboolean("webserver", "EXPOSE_HOSTNAME", fallback=True)
-            else "redact",
+            hostname=get_hostname() if conf.getboolean("webserver", "EXPOSE_HOSTNAME") else "redact",
             status_code=405,
             error_message="Received an invalid request.",
         ),
@@ -599,10 +595,10 @@ def show_traceback(error):
             python_version=sys.version.split(" ")[0] if g.user.is_authenticated else "redact",
             airflow_version=version if g.user.is_authenticated else "redact",
             hostname=get_hostname()
-            if conf.getboolean("webserver", "EXPOSE_HOSTNAME", fallback=True) and g.user.is_authenticated
+            if conf.getboolean("webserver", "EXPOSE_HOSTNAME") and g.user.is_authenticated
             else "redact",
             info=traceback.format_exc()
-            if conf.getboolean("webserver", "EXPOSE_STACKTRACE", fallback=True) and g.user.is_authenticated
+            if conf.getboolean("webserver", "EXPOSE_STACKTRACE") and g.user.is_authenticated
             else "Error! Please contact server admin.",
         ),
         500,
diff --git a/newsfragments/29547.significant.rst b/newsfragments/29547.significant.rst
new file mode 100644
index 0000000000..2a9f4c45c3
--- /dev/null
+++ b/newsfragments/29547.significant.rst
@@ -0,0 +1,3 @@
+Default for ``[webserver] expose_hostname`` changed to ``False``
+
+The default for ``[webserver] expose_hostname`` has been set to ``False``, instead of ``True``. This means administrators must opt-in to expose webserver hostnames to end users.