Lee-W commented on PR #53907: URL: https://github.com/apache/airflow/pull/53907#issuecomment-3196054884
In the current implementation, the secret key is used to encode both task instance data and predefined HITL data. The task instance data includes the ti_id, which is retrieved from the database and not provided by the user. We will verify if the ti_id corresponds to the expected value. Also, there's an expires_at default to 1 day if not set. During the token decoding process, we will need the secret key to decode it. Then, we'll check the `expires_at` value and whether the `ti_id` is correct. The user also needs the permission to respond to this hitl detail. Otherwise, clicking the link will result in a 403. --- I think we somewhat achieve what's needed, but I'm still not super comfortable with `GET` performing the update of the data. Would love to hear how the AIP authors think back to the time it was proposed -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
