UI: Preserve proxied URL on login redirect by desusaiteja · Pull Request #66690 · apache/airflow

desusaiteja · 2026-05-11T04:53:15Z

When Airflow UI is reached through a proxy such as Gitpod, Codespaces, ngrok, or a reverse proxy, the auth-failure redirect can preserve the API server's absolute URL in the next parameter instead of the browser-visible URL. After login, that can send users to the wrong origin such as http://localhost:29091.

This change makes the UI send a same-origin relative next target using only path, query, and hash. That keeps the browser on the current origin after login while still returning users to the same page they were on.

Validation:

added regression tests for path-only, path + query, and path + query + hash redirects
added coverage for proxied subpaths such as /team-a/...
confirmed the generated next target does not include an http:// or https:// origin prefix

closes: #46533

Was generative AI tooling used to co-author this PR?

Yes — Codex (GPT-5.4)

Generated-by: Codex (GPT-5.4) following the guidelines

When the UI is reached through a proxy (Gitpod, Codespaces, ngrok, reverse proxies), the auth-failure interceptor sent the API server's absolute URL as the 'next' parameter, so post-login redirects went to e.g. http://localhost:29091 instead of the URL the browser is on. Send a same-origin path+search+hash instead, so the browser stays on whatever origin it is currently using. Add regression coverage for proxied subpaths so redirects also preserve base paths such as /team-a/. closes: apache#46533

boring-cyborg · 2026-05-11T04:53:20Z

Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contributors' Guide
Here are some useful points:

Pay attention to the quality of your code (ruff, mypy and type annotations). Our prek-hooks will help you with that.
In case of a new feature add useful documentation (in docstrings or in docs/ directory). Adding a new operator? Check this short guide Consider adding an example Dag that shows how users should use it.
Consider using Breeze environment for testing locally, it's a heavy docker but it ships with a working Airflow and a lot of integrations.
Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Mailing list and Slack.
Be sure to read the Airflow Coding style.
Always keep your Pull Requests rebased, otherwise your build might fail due to changes not related to your commits.
Apache Airflow is a community-driven project and together we are making it better 🚀.
In case of doubts contact the developers at:
Mailing List: dev@airflow.apache.org
Slack: https://s.apache.org/airflow-slack

boring-cyborg · 2026-05-13T14:40:12Z

Awesome work, congrats on your first merged pull request! You are invited to check our Issue Tracker for additional contributions.

When the UI is reached through a proxy (Gitpod, Codespaces, ngrok, reverse proxies), the auth-failure interceptor sent the API server's absolute URL as the 'next' parameter, so post-login redirects went to e.g. http://localhost:29091 instead of the URL the browser is on. Send a same-origin path+search+hash instead, so the browser stays on whatever origin it is currently using. Add regression coverage for proxied subpaths so redirects also preserve base paths such as /team-a/. closes: apache#46533

When the UI is reached through a proxy (Gitpod, Codespaces, ngrok, reverse proxies), the auth-failure interceptor sent the API server's absolute URL as the 'next' parameter, so post-login redirects went to e.g. http://localhost:29091 instead of the URL the browser is on. Send a same-origin path+search+hash instead, so the browser stays on whatever origin it is currently using. Add regression coverage for proxied subpaths so redirects also preserve base paths such as /team-a/. closes: #46533 (cherry picked from commit 25ef835) Co-authored-by: Sai Teja Desu <31831475+desusaiteja@users.noreply.github.com>

desusaiteja requested review from bbovenzi, choo121600, guan404ming, pierrejeambrun, ryanahamilton, shubhamraj-git and vatsrahul1001 as code owners May 11, 2026 04:53

boring-cyborg Bot added the area:UI Related to UI/UX. For Frontend Developers. label May 11, 2026

desusaiteja mentioned this pull request May 11, 2026

With useNavigate, we can navigate through routes like /webapp, automatically using the correct domain. #46533

Closed

2 tasks

Merge upstream/main into fix/46533-relative-next-url

e561a86

bbovenzi added this to the Airflow 3.2.2 milestone May 13, 2026

bbovenzi approved these changes May 13, 2026

View reviewed changes

bbovenzi merged commit 25ef835 into apache:main May 13, 2026
82 checks passed

bbovenzi added the backport-to-v3-2-test Mark PR with this label to backport to v3-2-test branch label May 13, 2026

vatsrahul1001 mentioned this pull request May 18, 2026

[v3-2-test] UI: Preserve proxied URL on login redirect (#66690) #67091

Merged

1 task

vatsrahul1001 mentioned this pull request May 21, 2026

Status of testing of Apache Airflow 3.2.2rc1 #67282

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

UI: Preserve proxied URL on login redirect#66690

UI: Preserve proxied URL on login redirect#66690
bbovenzi merged 2 commits into
apache:mainfrom
desusaiteja:fix/46533-relative-next-url

desusaiteja commented May 11, 2026

Uh oh!

boring-cyborg Bot commented May 11, 2026

Uh oh!

Uh oh!

boring-cyborg Bot commented May 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

desusaiteja commented May 11, 2026

Was generative AI tooling used to co-author this PR?

Uh oh!

boring-cyborg Bot commented May 11, 2026

Uh oh!

Uh oh!

boring-cyborg Bot commented May 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants