Regression in security iframe navigation logic (ignores basename)

[JC-comp]

Apache Airflow version

3.1.7

If "Other Airflow 3 version" selected, which one?

No response

What happened?

A regression was introduced in PR #58997 regarding how the security iframe handles redirection. The current logic checks for a hardcoded pathname starting with /auth/, which fails when Airflow is configured with a non-root base_url (e.g., when hosted at /airflow/).

airflow/airflow-core/src/airflow/ui/src/pages/Security.tsx

Lines 43 to 49 in d384009

	const onLoad = () => {
	const iframe: HTMLIFrameElement | null = document.querySelector("#security-iframe");
	if (iframe?.contentWindow && !iframe.contentWindow.location.pathname.startsWith("/auth/")) {
	void Promise.resolve(navigate("/"));
	}
	};

What you think should happen instead?

No response

How to reproduce

1. Configure Airflow to run behind a prefix (e.g., AIRFLOW__API__BASE_URL=/airflow).
2. Access the UI and navigate to security tabs.
3. The onLoad handler in the security iframe triggers.
4. iframe.contentWindow.location.pathname returns /airflow/auth/....
5. The check .startsWith("/auth/") returns false.
6. The router incorrectly calls navigate("/"), redirecting the user to the root instead of the dashboard.

Operating System

Debian GNU/Linux 12 (bookworm)

Versions of Apache Airflow Providers

No response

Deployment

Docker-Compose

Deployment details

No response

Anything else?

No response

Are you willing to submit PR?

• Yes I am willing to submit a PR!

Code of Conduct

• I agree to follow this project's Code of Conduct

[boring-cyborg]

Thanks for opening your first issue here! Be sure to follow the issue template! If you are willing to raise PR to address this issue please do so, no need to wait for approval.

[Subham-KRLX]

i want to fix this issue raising a pr regarding this.