[ https://issues.apache.org/jira/browse/AIRFLOW-836?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on AIRFLOW-836 started by Alex Guziel. ------------------------------------------- > The paused and queryview endpoints are vulnerable to CSRF > --------------------------------------------------------- > > Key: AIRFLOW-836 > URL: https://issues.apache.org/jira/browse/AIRFLOW-836 > Project: Apache Airflow > Issue Type: Bug > Reporter: Alex Guziel > Assignee: Alex Guziel > > These endpoints use GET and are state-changing which is bad practice, and > allows CSRF -- This message was sent by Atlassian JIRA (v6.3.15#6346)