pierrejeambrun commented on issue #49495: URL: https://github.com/apache/airflow/issues/49495#issuecomment-3018397415
@alkismavridis Thanks for investigation. That looks about right. - Feel free to open a PR to update the documentation, I'd be happy to review a PR in that sense and that's a super easy way to give back to the community for the free software we are all benefiting. (Also the proxy probably shouldn't override this if you're not sure that app served do not access cookies via JS) - I think we can leave it there, I believe that might be necessary in certain conditions. - Cookies are just used to pass down the JWT that will be stored in the local storage. Just to avoid passing the cookie down in the URL. JWT living in the localstorage is standard workflow, and beside the JWT, there's nothing else to steal in the cookie. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
