Set X-Frame-Options header to DENY unless X_FRAME_ENABLED is set to true #19491
Conversation
subkanthi
requested review from
ashb,
bbovenzi and
ryanahamilton
as code owners
uranusjr
changed the title
|
I think the description is the other way around? The request (and the patch!) is to set |
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 5 days if no further activity occurs. Thank you for your contributions. |
github-actions
bot
added
the
stale
uranusjr
removed
the
stale
github-actions
bot
added
the
okay to merge
|
The PR is likely OK to be merged with just subset of tests for default Python and Database versions without running the full matrix of tests, because it does not modify the core of Airflow. If the committers decide that the full tests matrix is needed, they will add the label 'full tests needed'. Then you should rebase to the latest main or amend the last commit of the PR, and push it with --force-with-lease. |
|
Sorry for being late on this PR, but doesn't it prevent X-FRAME from being disabled ? Line 34 will check if it is disabled and if so it will immediately exit without giving a chance to set the header to deny |
Yep. I think you are right. |
The apache#19491 incorrectly changed condition on assigning the X-Frame-Options header DENY. It actually was not possible to set the DENY header.
The #19491 incorrectly changed condition on assigning the X-Frame-Options header DENY. It actually was not possible to set the DENY header.
Set X-Frame-Options header to DENY unless X_FRAME_ENABLED is set to true.
closes: #17255
^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code change, Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in UPDATING.md.