vincbeck commented on PR #53542:
URL: https://github.com/apache/airflow/pull/53542#issuecomment-3136667236
> > We marked these configs as deleted in
`airflow-ctl/src/airflowctl/ctl/commands/config_command.py`. If we want to use
them back, we should them remove them from
`airflow-ctl/src/airflowctl/ctl/commands/config_command.py` as well.
>
> Hi @vincelevey , I don't necessarily need these options back, but I found
that with self-hosting, the api-server doesn't have these options on by
default. I can see from Firefox that my session cookie is not HTTP-only, and
not secure, etc.
>
> Perhaps you know a better way to have them configured in api-server in 3.0?
>
> I currently just add these 3 options in the api-server config python file
via the Helm chart values, and it works. I think it would be great if these
options can be set more transparently.
You are using these config so you need them back and I think this is okay.
You are using these configs `conf.getboolean("webserver", "COOKIE_SECURE")` and
`conf.get("webserver", "COOKIE_SAMESITE")`. I think the right approach would be
to move these config to Fab provider because they are specific to Fab. Once
done you would need to update
`airflow-core/src/airflow/cli/commands/config_command.py` and
`airflow-ctl/src/airflowctl/ctl/commands/config_command.py` to no longer mark
them as deleted but moved from `webserver` to `fab`. This
[PR](https://github.com/apache/airflow/pull/50056) is a good example on how to
do that.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
