Xiaodong DENG created AIRFLOW-2886:
--------------------------------------
Summary: Secure Flask SECRET_KEY
Key: AIRFLOW-2886
URL: https://issues.apache.org/jira/browse/AIRFLOW-2886
Project: Apache Airflow
Issue Type: Bug
Reporter: Xiaodong DENG
Assignee: Xiaodong DENG
In my earlier PRs, [https://github.com/apache/incubator-airflow/pull/3651] and
[https://github.com/apache/incubator-airflow/pull/3729] , I proposed to
generate random SECRET_KEY for Flask App.
If we have multiple workers for the Flask webserver, we may encounter CSRF
error {{The CSRF session token is missing}} .
On the other hand, it's still very important to have as random SECRET_KEY as
possible for security reasons. We can deal with it like how we dealt with
FERNET_KEY (i.e. generate a random value when the airflow.cfg file is
initiated).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
