ephraimbuddy commented on pull request #15295: URL: https://github.com/apache/airflow/pull/15295#issuecomment-817873964
> > This is actually for a case where login is configured to be processed through the header. Airflow did not configure this, but users may configure it. > > Do you mean this would read the `Autorization` HTTP header? If so, maybe we should make `requires_access()` etc. able to handle this instead. It really feels weird that different authentication methods need to be handled in different places. It's even better we remove the flask.g, and check the request URL if it has '/api/' in it. Also yes, in some configurations for flask_login, it can accept HTTP header 'Autorization'. I'm deciding to leave this out, if user decides to configure it, then the user should also configure session interface -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
