Update security_model.rst to clear unauthenticated endpoints exceptio…

…ns (#42057) (#42085) * Update security_model.rst Fixing confusion on exception to unauthenticated endpoints. * Update security_model.rst Fixed grammar and spell mistakes. * Update docs/apache-airflow/security/security_model.rst * Update docs/apache-airflow/security/security_model.rst --------- Co-authored-by: Jarek Potiuk <jarek@potiuk.com> (cherry picked from commit 6f0af88) Co-authored-by: SaurabhhB <saurabh.banawar@gmail.com>
apache · Sep 8, 2024 · c92bb5d · c92bb5d
1 parent a6d127b
commit c92bb5d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/docs/apache-airflow/security/security_model.rst b/docs/apache-airflow/security/security_model.rst
@@ -81,7 +81,7 @@ Non-authenticated UI users
 ..........................
 
 Airflow doesn't support unauthenticated users by default. If allowed, potential vulnerabilities
-must be assessed and addressed by the Deployment Manager.
+must be assessed and addressed by the Deployment Manager. However, there are exceptions to this. The ``/health`` endpoint responsible to get health check updates should be publicly accessible. This is because other systems would want to retrieve that information. Another exception is the ``/login`` endpoint, as the users are expected to be unauthenticated to use it.
 
 Capabilities of authenticated UI users
 --------------------------------------