Codingaditya17 opened a new pull request, #67483: URL: https://github.com/apache/airflow/pull/67483
## Why When opening a deep link in a fresh browser session without a valid `_token` cookie, SimpleAuthManager redirects through `/auth/token/login` but drops the original `next` URL. As a result, the user lands on `/` after auto-login instead of the originally requested DAG run or task URL. Opening the same link again works because the `_token` cookie already exists. ## What changed This updates the SimpleAuthManager `/auth/token/login` route to: - Read the `next` query parameter - Redirect to it after login when it is safe - Fall back to the configured API base URL when `next` is missing or unsafe - Preserve existing `_token` cookie behavior The fix reuses the existing `is_safe_url` helper to avoid introducing an open redirect issue. ## Tests Added regression tests for: - Redirecting to a safe internal `next` URL after login - Ignoring an unsafe external `next` URL and falling back to `/` Ran: ```bash uv run pytest airflow-core/tests/unit/api_fastapi/auth/managers/simple/routes/test_login.py -q -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
