Set X-Frame-Options header to DENY unless X_FRAME_ENABLED is set to true #19491
I think the description is the other way around? The request (and the patch!) is to set
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 5 days if no further activity occurs. Thank you for your contributions.
The PR is likely OK to be merged with just subset of tests for default Python and Database versions without running the full matrix of tests, because it does not modify the core of Airflow. If the committers decide that the full tests matrix is needed, they will add the label 'full tests needed'. Then you should rebase to the latest main or amend the last commit of the PR, and push it with --force-with-lease.
Sorry for being late on this PR, but doesn't it prevent X-FRAME from being disabled? Line 34 will check if it is disabled and if so it will immediately exit without giving a chance to set the header to deny.
Yep. I think you are right.
The apache#19491 incorrectly changed condition on assigning the X-Frame-Options header DENY. It actually was not possible to set the DENY header.
Set X-Frame-Options header to DENY unless X_FRAME_ENABLED is set to true.
closes: #17255
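The inverted condition discussed in this thread, next to the intended one, as an added example that is not Airflow's code. A standard-library WSGI wrapper stands in for the webserver, and every function name here is hypothetical.

```python
# Added example: not Airflow's code. All names are hypothetical.
from wsgiref.util import setup_testing_defaults


def base_app(environ, start_response):
    """Constructed stand-in for the web application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def _deny_framing(app):
    """Wrap a WSGI app so every response carries X-Frame-Options: DENY."""
    def wrapped(environ, start_response):
        def patched_start(status, headers, exc_info=None):
            # Drop any existing value so the header is never duplicated.
            headers = [(k, v) for k, v in headers if k.lower() != "x-frame-options"]
            headers.append(("X-Frame-Options", "DENY"))
            return start_response(status, headers, exc_info)
        return app(environ, patched_start)
    return wrapped


def init_xframe_inverted(app, x_frame_enabled):
    """The mistake described in the thread: exits early when framing is disabled."""
    if not x_frame_enabled:
        return app  # framing should be blocked here, but no header is ever set
    return _deny_framing(app)


def init_xframe_fixed(app, x_frame_enabled):
    """Intended behaviour: DENY unless framing is explicitly enabled."""
    if x_frame_enabled:
        return app
    return _deny_framing(app)


def response_headers(app):
    """Issue one GET against a WSGI app and return its headers (lower-cased keys)."""
    environ, captured = {}, {}
    setup_testing_defaults(environ)

    def start_response(status, headers, exc_info=None):
        captured.update({k.lower(): v for k, v in headers})

    b"".join(app(environ, start_response))
    return captured
```

A regression test that asserts on the response header for both values of the setting catches this class of inverted guard.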