This is an automated email from the ASF dual-hosted git repository. ephraimanierobi pushed a commit to branch v2-9-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 5b58faeec2868328d9affcd0ca8c77e09bbb072c Author: Jarek Potiuk <[email protected]> AuthorDate: Fri May 10 19:54:03 2024 +0200 Add Cache-Control "no-store" to all dynamically generated content (#39550) This one prevents accidental storing of dynamic content containing potentially sensitive data in cache. The way we implemented it, we check if the response already contains "Cache-Control" - if it does then it means that this is a static content with default cache control set by SEND_FILE_MAX_AGE_DEFAULT setting (43200 by default). (cherry picked from commit 94eb647de692a4d9555b02dce85974da5d4c04e3)
---
 airflow/www/app.py | 2 ++
 airflow/www/extensions/init_security.py | 9 +++++++++
 2 files changed, 11 insertions(+)
diff --git a/airflow/www/app.py b/airflow/www/app.py
index 7f4405321f..31106b05eb 100644
--- a/airflow/www/app.py
+++ b/airflow/www/app.py
@@ -44,6 +44,7 @@ from airflow.www.extensions.init_manifest_files import configure_manifest_files
 from airflow.www.extensions.init_robots import init_robots
 from airflow.www.extensions.init_security import (
 init_api_experimental_auth,
+ init_cache_control,
 init_check_user_active,
 init_xframe_protection,
 )
@@ -179,6 +180,7 @@ def create_app(config=None, testing=False):
 init_jinja_globals(flask_app)
 init_xframe_protection(flask_app)
+ init_cache_control(flask_app)
 init_airflow_session_interface(flask_app)
 init_check_user_active(flask_app)
 return flask_app
diff --git a/airflow/www/extensions/init_security.py b/airflow/www/extensions/init_security.py
index a7739e3231..8bf2c29fbf 100644
--- a/airflow/www/extensions/init_security.py
+++ b/airflow/www/extensions/init_security.py
@@ -66,6 +66,15 @@ def init_api_experimental_auth(app):
 raise AirflowException(err)
+def init_cache_control(app):
+ def apply_cache_control(response):
+ if "Cache-Control" not in response.headers:
+ response.headers["Cache-Control"] = "no-store"
+ return response
+
+ app.after_request(apply_cache_control)
+
+
 def init_check_user_active(app):
 @app.before_request
 def check_user_active():
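Review bot: The `if "Cache-Control" not in response.headers` test in `apply_cache_control` treats the mere presence of the header as proof that the response is static, so it fails open. Any dynamic view that returns through `send_file`/`send_from_directory` (which apply `SEND_FILE_MAX_AGE_DEFAULT`) or sets its own `Cache-Control` keeps a cacheable policy and never receives `no-store`. Whether such views exist is not visible from this hunk, so the assumption should at least be recorded next to the check, e.g. `# A pre-set Cache-Control is assumed to come only from static files (SEND_FILE_MAX_AGE_DEFAULT); dynamic views must not set one.` above the `if`, together with a one-line docstring on `init_cache_control`. The diffstat lists only the two source files, so a test asserting `no-store` on a rendered page and an untouched header on a static asset would pin the intended behaviour.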
