Satoshi-Sh commented on PR #37638:
URL: https://github.com/apache/airflow/pull/37638#issuecomment-1962759936
## Problem
Due to the upgrading connextion v3, we cannot access blueprints( they moved
the blueprint registration code inside their codebase). We used the returned
blueprint to make exemptions to accept HTTP(S) requests without "csrf token" in
the header. When the auth-token is in the header, the client doesn't include a
csrf token. That's why we get csrf token missing error with
`test_python_client.py`
@RobbeSneyders suggested utilizing the middleware library [asgi-csrf](url)
to do the same without using blueprints.
```
def skip_api_paths(scope)
return scope["path"].startswith("/api/")
app = asgi_csrf(
app,
signing_secret="secret-goes-here",
skip_if_scope=skip_api_paths
)
```
This is a sample code to make csrf-token exemption.
- What the score will be in the airflow project?
- I'm not sure about siginig_secret. Do I need to generate it or can get it
from somewhere?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
