jscheffl commented on PR #53907: URL: https://github.com/apache/airflow/pull/53907#issuecomment-3198065908
I do not have a very strong opinion and also see the risk but (1) the feature needs to be enabled and (2) somebody needs to create and distribute the link. And (3) the link is "secured". Do not forget (4) the feature needs to be enabled by config as well. So if somebody has the need for the option he probably knows what he is doing. GET or POST... mainly it is the option of a "single click" approval/confirm or a "two click" (1 click for the link to open the UI and then another press of the button". I would be hesitant as well if it would generate emails with "dangerous links" per default but here somebody needs to want id and somebody needs to make the glue e.g. distributing a link in an email. No out of the box danger. Amazon also got very famous for "1-click" buy and got also patents on it, (I never used it but it seems some people liked it)... having the risk of mis-clicking and directly charging credit card. TLDR: I am not hesitant merging, it is ready, looks good and is safe by default. But marketing.wise you can make a "1 click approve email" if somebody wants to have this UX. I'd still advise not to make a "click here to approve budget for 1 mio dollar" but maybe minor convenience things like passive approvals... Confluence also does it with "Like the page" direct links. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
