potiuk commented on PR #37638: URL: https://github.com/apache/airflow/pull/37638#issuecomment-1962894091
> What the score will be in the airflow project? I assume the scope :) ?. I believe the scope is the base URL of Airflow webserver (not 100% sure how asg-csrf does it but that's what I understand it should be. The CSRF tokens we have are generated in the webserver views - and those are generated at the "base URL" (and anything that's deeper in the path) - and those csrf tokens are then used by the browser to make the calls to the API. > I'm not sure about siginig_secret. Do I need to generate it or can get it from somewhere? We should use https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#secret-key - this is done usually by: ```python conf.get_mandatory_value("webserver", "secret_key") ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
