potiuk commented on issue #37452:
URL: https://github.com/apache/airflow/issues/37452#issuecomment-1961652478

   > We typically receive an 'Access Denied' message when a user lacks the
   > necessary permissions. Displaying this message helps users understand that
   > they do not have the required permission.
   
   In many cases this is bad security practice to reveal such a condition to the
user, it gives a potential attacker more information than needed, so we
deliberately opted for NOT FOUND in this case regardless of whether the log file
is there or whether you have a badly configured system. This information is
useless to the user, because the user cannot do anything about it, the user has to
report it to the Deployment Manager (so the person who manages Airflow). And that
person can (and SHOULD) look for details about the error in the log file of the
webserver (and they will find it there all right).
   
   So this is all deliberate, secure and as expected. No changes are planned 
here.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.