potiuk commented on code in PR #42057: URL: https://github.com/apache/airflow/pull/42057#discussion_r1746921315
########## docs/apache-airflow/security/security_model.rst: ########## @@ -81,7 +81,7 @@ Non-authenticated UI users .......................... Airflow doesn't support unauthenticated users by default. If allowed, potential vulnerabilities -must be assessed and addressed by the Deployment Manager. +must be assessed and addressed by the Deployment Manager. However, there are exceptions to this. The `/health` endpoint responsible to get health check updates should be publicly accessible. This is because other systems would want to retrieve that information. Another exception is the `/login` endpoint, as the users are expected to be unauthenticated to use it. Review Comment: ```suggestion must be assessed and addressed by the Deployment Manager. However, there are exceptions to this. The ``/health`` endpoint responsible to get health check updates should be publicly accessible. This is because other systems would want to retrieve that information. Another exception is the ``/login`` endpoint, as the users are expected to be unauthenticated to use it. ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
