[GitHub] XD-DENG commented on issue #3729: [AIRFLOW-2884] Fix Flask SECRET_KEY security issue in www_rbac

2018-08-10 Thread GitBox
XD-DENG commented on issue #3729: [AIRFLOW-2884] Fix Flask SECRET_KEY security 
issue in www_rbac
URL: 
https://github.com/apache/incubator-airflow/pull/3729#issuecomment-412133255
 
 
   Thanks @kaxil 


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services


[GitHub] XD-DENG commented on issue #3729: [AIRFLOW-2884] Fix Flask SECRET_KEY security issue in www_rbac

2018-08-10 Thread GitBox
XD-DENG commented on issue #3729: [AIRFLOW-2884] Fix Flask SECRET_KEY security 
issue in www_rbac
URL: 
https://github.com/apache/incubator-airflow/pull/3729#issuecomment-412129544
 
 
   Hi @kaxil, I have realised this method will cause the CSRF error `The CSRF session token is missing` when we have multiple workers for `webserver` (we 
generate a random secret_key for each worker, and then they're not consistent 
among workers).
   
   But I think it's still very necessary to have `as random secret_key as 
possible`. One feasible way is to generate it like how we generate `fernet_key`.
   
   I will raise a separate PR to address this and ping you then. Sorry for the 
inconvenience caused.


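
Added example, not part of the original thread and not Airflow's or Flask's code: a simplified model of an HMAC-signed session cookie (standard library only) showing why a random secret_key generated per worker yields the error quoted above, while a key generated once and shared by all workers does not. The `Worker` class, the function names and the mismatch message are hypothetical.

```python
import base64, hashlib, hmac, json, os

class Worker:
    """Constructed stand-in for one webserver worker process (not Flask itself)."""

    def __init__(self, secret_key: bytes):
        self.secret_key = secret_key

    def _sign(self, payload: bytes) -> bytes:
        return hmac.new(self.secret_key, payload, hashlib.sha256).digest()

    def dump_session(self, session: dict) -> str:
        payload = base64.urlsafe_b64encode(json.dumps(session).encode())
        sig = base64.urlsafe_b64encode(self._sign(payload))
        return (payload + b"." + sig).decode()

    def load_session(self, cookie: str) -> dict:
        # A cookie whose signature does not verify is treated as an empty session.
        try:
            payload, sig = cookie.encode().split(b".")
            expected = base64.urlsafe_b64encode(self._sign(payload))
        except ValueError:
            return {}
        if not hmac.compare_digest(sig, expected):
            return {}
        return json.loads(base64.urlsafe_b64decode(payload))

    def check_csrf(self, cookie: str, form_token: str) -> str:
        session = self.load_session(cookie)
        if "csrf_token" not in session:
            return "The CSRF session token is missing"
        if not hmac.compare_digest(session["csrf_token"], form_token):
            return "csrf token mismatch"  # constructed message
        return "ok"

def submit_across_workers(key_a: bytes, key_b: bytes) -> str:
    """Worker A renders the form and sets the cookie; worker B receives the POST."""
    a, b = Worker(key_a), Worker(key_b)
    token = base64.urlsafe_b64encode(os.urandom(16)).decode()
    cookie = a.dump_session({"csrf_token": token})
    return b.check_csrf(cookie, token)

def per_worker_keys() -> str:
    # Each worker draws its own random key at startup.
    return submit_across_workers(os.urandom(16), os.urandom(16))

def shared_key() -> str:
    key = os.urandom(16)  # generated once, then read by every worker
    return submit_across_workers(key, key)
```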