potiuk commented on PR #37638:
URL: https://github.com/apache/airflow/pull/37638#issuecomment-1962894091

   > What the score will be in the airflow project?
   
   I assume the scope :) ?. I believe the scope is the base URL of Airflow 
webserver (not 100% sure how asg-csrf does it but that's what I understand it 
should be. The CSRF tokens we have are generated in the webserver views - and 
those are generated at the "base URL" (and anything that's deeper in the path) 
- and those csrf tokens are then used by the browser to make the calls to the 
API. 
   
   > I'm not sure about siginig_secret. Do I need to generate it or can get it 
from somewhere?
   
   We should use 
https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#secret-key
 - this is done usually by:
   
   ```python
   conf.get_mandatory_value("webserver", "secret_key")
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to