This is an automated email from the ASF dual-hosted git repository. ephraimanierobi pushed a commit to branch sync_v2_10_test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 1d005eb2f07e4b8020e26779b33a75ba537acef3 Author: Jens Scheffler <[email protected]> AuthorDate: Sun Sep 8 05:47:40 2024 +0200 Update security_model.rst to clear unauthenticated endpoints exceptions (#42057) (#42085) * Update security_model.rst Fixing confusion on exception to unauthenticated endpoints. * Update security_model.rst Fixed grammar and spell mistakes. * Update docs/apache-airflow/security/security_model.rst * Update docs/apache-airflow/security/security_model.rst --------- Co-authored-by: Jarek Potiuk <[email protected]> (cherry picked from commit 6f0af8879fbfdf925b0d5840df95eead94f6ec52) Co-authored-by: SaurabhhB <[email protected]> --- docs/apache-airflow/security/security_model.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/apache-airflow/security/security_model.rst b/docs/apache-airflow/security/security_model.rst index 24bf7b8603..0181710bda 100644 --- a/docs/apache-airflow/security/security_model.rst +++ b/docs/apache-airflow/security/security_model.rst @@ -81,7 +81,7 @@ Non-authenticated UI users .......................... Airflow doesn't support unauthenticated users by default. If allowed, potential vulnerabilities -must be assessed and addressed by the Deployment Manager. +must be assessed and addressed by the Deployment Manager. However, there are exceptions to this. The ``/health`` endpoint responsible to get health check updates should be publicly accessible. This is because other systems would want to retrieve that information. Another exception is the ``/login`` endpoint, as the users are expected to be unauthenticated to use it. Capabilities of authenticated UI users --------------------------------------
