pierrejeambrun commented on code in PR #55262:
URL: https://github.com/apache/airflow/pull/55262#discussion_r2353171862


##########
airflow-core/src/airflow/api_fastapi/app.py:
##########
@@ -185,6 +188,12 @@ def init_plugins(app: FastAPI) -> None:
         if url_prefix is None:
             log.error("'url_prefix' key is missing for the fastapi app: %s", 
name)
             continue
+        if url_prefix == "":
+            log.error("'url_prefix' key is empty string for the fastapi app: 
%s", name)
+            continue
+        if url_prefix in RESERVED_URL_PREFIXES:
+            log.error("Plugin %s attempted to use reserved url_prefix '%s'", 
name, url_prefix)
+            continue
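
Review bot: The `url_prefix in RESERVED_URL_PREFIXES` test in the last added branch is an exact string comparison, so a value that differs from a reserved prefix only by a trailing slash, or one nested below a reserved prefix, is not rejected and the loop goes on to handle that plugin app. Strip the trailing slash before comparing, and reject when the value equals a reserved prefix or starts with that prefix followed by `/`. Matching on the `/` boundary rather than with a bare `startswith` keeps an unrelated prefix that only shares leading characters with a reserved one from being refused.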

Review Comment:
   Ideally we should check that `url_prefix` does not start with any of `reserved_url_prefix`.

   Basically we don't want to allow things such as:
   `/execution/my_nested_app/`, `/execution/task_instance` etc.

   Because those could shadow `nested` routes of public, private, or execution API.

   App shouldn't register anything (even nested) into those apps.
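
A segment-aware form of the check described in the review comment above, as an added example that is not part of the PR or of the review. The entries in `RESERVED_URL_PREFIXES` other than `/execution` and both helper names are assumptions, and the ancestor case goes one step beyond what the comment asks for.

```python
import posixpath

# Constructed values (assumption): only "/execution" appears in the review
# comment; the PR's real RESERVED_URL_PREFIXES is not shown on this page.
RESERVED_URL_PREFIXES = ("/api/v2", "/ui", "/execution")


def normalize_prefix(url_prefix: str) -> str:
    """Canonical form: one leading slash, no trailing slash, no '.' or '..'."""
    collapsed = posixpath.normpath("/" + url_prefix.strip())
    # normpath keeps a leading "//" (POSIX allows it), so collapse it by hand.
    return "/" + collapsed.lstrip("/")


def _segments(path: str) -> list[str]:
    return [s for s in path.split("/") if s]


def conflicting_reserved_prefix(url_prefix, reserved=RESERVED_URL_PREFIXES):
    """Return the reserved prefix that url_prefix collides with, or None.

    A collision is an exact match, a path nested under a reserved prefix
    (the case from the review comment), or an ancestor of one (an added
    generalization: a mount at "/api" would also capture "/api/v2/...").
    Comparison is per path segment, so "/executions" is not a collision.
    """
    candidate = _segments(normalize_prefix(url_prefix))
    for prefix in reserved:
        taken = _segments(normalize_prefix(prefix))
        shared = min(len(candidate), len(taken))
        if candidate[:shared] == taken[:shared]:
            return prefix
    return None


if __name__ == "__main__":
    # Constructed plugin prefixes, including the two from the review comment.
    samples = ("/my_plugin", "/execution/my_nested_app/",
               "/execution/task_instance", "/executions")
    for p in samples:
        hit = conflicting_reserved_prefix(p)
        print(f"{p!r}: {'rejected, collides with ' + hit if hit else 'allowed'}")
```
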


