Copilot commented on code in PR #40652:
URL: https://github.com/apache/superset/pull/40652#discussion_r3337941968
##########
superset/views/health.py:
##########
@@ -37,9 +37,19 @@ def health() -> FlaskResponse:
@talisman(force_https=False)
def version() -> FlaskResponse:
"""
- Return comprehensive version information including Git SHA
- and branch when available.
+ Return version information for the running Superset instance.
+
+ When ``EXPOSE_VERSION_INFO`` is True (default) this returns the full
+ version metadata, including the Git SHA and branch name when available.
+ When it is False, only the human-readable version string is returned and
+ build-specific details (Git SHA, full SHA, build number, branch name) are
+ omitted so they are not exposed to unauthenticated callers.
"""
from superset.utils.version import get_version_metadata
- return jsonify(get_version_metadata())
+ metadata = get_version_metadata()
+
+ if not app.config.get("EXPOSE_VERSION_INFO", True):
+ metadata = {"version_string": metadata.get("version_string",
"unknown")}
+
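Review bot: the fallback in `app.config.get("EXPOSE_VERSION_INFO", True)` near the end of the hunk makes exposure the behaviour for any deployment that does not set the key, so the Git SHA, build number and branch name stay visible to unauthenticated callers until an operator opts out. If that default is kept for compatibility, state it where the setting is defined and in the upgrade notes, and add a test asserting that with the flag set to False the response body contains `version_string` and no other key. Building a fresh dict rather than deleting known keys is the right shape, since fields later added to `get_version_metadata()` will not reach the redacted response.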
Review Comment:
When `EXPOSE_VERSION_INFO` is disabled, the endpoint still calls
`get_version_metadata()` before redacting fields. That function can run `git`
subprocess calls (branch lookup) on every unauthenticated request, which is
unnecessary work once the response is limited to `version_string`. Consider
checking the flag first and returning `VERSION_STRING` directly to avoid the
extra computation/subprocess overhead.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.