Lee-W commented on PR #53907: URL: https://github.com/apache/airflow/pull/53907#issuecomment-3195701080
> Then lets change that. We control both ends, we can change it 😄 I don't think it's the best idea to make this change. However, I might miss some context from the frontend perspective. Thus, I'd love to hear what Brent and @pierrejeambrun think before proceeding with the change. > I also wonder if a lot of that could be done with query params and on the front end. ?option=Approve or something like that pre-populates the form. i.e. nothing needed to store in the DB for that plan to work. Currently, there is nothing stored in the database for this share link feature. The `?options=...` thing is something in the plan. > Single click to approve in an email I don't think is safe -- for that to work I think it would need to be a GET request and having a GET mutate state seems like a poor idea. We could maybe have a GET request that loads the page and then submits via JS, but that still feels like an error/risk-prone approach to me. This is something stated in the AIP-90. I am ok with removing it, but would like to confirm with @jscheffl or @vikramkoka. This `respond` public endpoint is similar to the one used for responses, but it may be easier for users to use. I also view it as somewhat risky. But at least the user knows they're responding to something. So they can decide whether they want to take the risk. If they have doubt, don't click it. while the `redirect` endpoint won't do any action > A pure GET request that mutates the state runs the risk of some background process (be it the browser itself pre-fetching, or the MUA etc) hitting it and running the endpoint, so I think that is out to my mind. Yes, this is something I don't think we should do. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
