pierrejeambrun commented on PR #67193: URL: https://github.com/apache/airflow/pull/67193#issuecomment-4496941651
> Context? https://github.com/apache/airflow/pull/66503#pullrequestreview-4319496344 The problem it tries to solve is the combination of both `allow_credentials=True` and `allow_origins=*`. This doesn't prevent user from setting this bad configuration. On the other hand configuring `allow_credentials=False` doesn't seem to fit any real word scenario deployment. Unless both the API and the UI are on the same origin, it will break the UI completely. Maybe you have cases in mind where this would be helpful? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
