JC-comp opened a new issue, #63111: URL: https://github.com/apache/airflow/issues/63111
### Apache Airflow version 3.1.7 ### If "Other Airflow 3 version" selected, which one? _No response_ ### What happened? A regression was introduced in PR #58997 regarding how the security iframe handles redirection. The current logic checks for a hardcoded pathname starting with /auth/, which fails when Airflow is configured with a non-root base_url (e.g., when hosted at /airflow/). https://github.com/apache/airflow/blob/d38400997bcef9570246abae3e3ba80983c9d11a/airflow-core/src/airflow/ui/src/pages/Security.tsx#L43-L49 ### What you think should happen instead? _No response_ ### How to reproduce 1. Configure Airflow to run behind a prefix (e.g., AIRFLOW__API__BASE_URL=/airflow). 2. Access the UI and navigate to security tabs. 3. The onLoad handler in the security iframe triggers. 4. iframe.contentWindow.location.pathname returns /airflow/auth/.... 5. The check .startsWith("/auth/") returns false. 6. The router incorrectly calls navigate("/"), redirecting the user to the root instead of the dashboard. ### Operating System Debian GNU/Linux 12 (bookworm) ### Versions of Apache Airflow Providers _No response_ ### Deployment Docker-Compose ### Deployment details _No response_ ### Anything else? _No response_ ### Are you willing to submit PR? - [ ] Yes I am willing to submit a PR! ### Code of Conduct - [x] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
