planoe-cloudera opened a new issue #17255: URL: https://github.com/apache/airflow/issues/17255
**Apache Airflow version**: 2.1.0 **Environment**: - **Cloud provider or hardware configuration**: Azure - **OS** (e.g. from /etc/os-release): RHEL8.3 - **Kernel** (e.g. `uname -a`): Linux 7db15dac176b 5.10.25-linuxkit # 1 SMP Tue Mar 23 09:27:39 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux **What happened**: When x_frame_enabled is default or set to true, embedding Airflow is not working since X-Frame-Options is set to "DENY" **What you expected to happen**: When x_frame_enabled is default or set to true, embedding Airflow is working **How to reproduce it**: leave x_frame_enabled to default or set it to true and try to embed it in an iFrame for instance and it will not work. Setting it to "False" is the current workaround since the if condition does not seem to be correct. **Anything else we need to know**: broken code in Airflow 2: https://github.com/apache/airflow/blob/080132254b06127a6e2e8a2e23ceed6a7859d498/airflow/www/extensions/init_security.py#L26 if x_frame_enabled is enabled it will apply the DENY header, which was not the case in Airflow 1: https://github.com/apache/airflow/blob/d3b066931191b82880d216af103517ea941c74ba/airflow/www_rbac/app.py#L274 since if was only setting the header in case it is NOT enabled. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
