Setting cookie_samesite to None in airflow.cfg throws an error

[pbaisla]

Apache Airflow version: 1.10.10

Kubernetes version (if you are using kubernetes) (use kubectl version): N/A

Environment: Airflow v1.10.10, Python v3.6.11 on Ubuntu 16.04

• Cloud provider or hardware configuration: Azure
• OS (e.g. from /etc/os-release): 16.04.4 LTS (Xenial Xerus)
• Kernel (e.g. uname -a): 4.15.0-1092-azure Question about TaskInstance.is_queueable #102~16.04.1-Ubuntu SMP Tue Jul 14 20:28:23 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
• Install tools: pip v20.2
• Others: N/A

What happened:

Setting cookie_samesite value to None in airflow.cfg results in the following error:

[2020-09-07 12:13:13,966] {app.py:1892} ERROR - Exception on / [GET]
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 2447, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1953, in full_dispatch_request
    return self.finalize_request(rv)
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1970, in finalize_request
    response = self.process_response(response)
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 2269, in process_response
    self.session_interface.save_session(self, ctx.session, response)
  File "/usr/local/lib/python3.6/site-packages/flask/sessions.py", line 387, in save_session
    samesite=samesite,
  File "/usr/local/lib/python3.6/site-packages/werkzeug/wrappers/base_response.py", line 481, in set_cookie
    samesite=samesite,
  File "/usr/local/lib/python3.6/site-packages/werkzeug/http.py", line 1161, in dump_cookie
    raise ValueError("invalid SameSite value; must be 'Strict', 'Lax' or None")
ValueError: invalid SameSite value; must be 'Strict', 'Lax' or None

What you expected to happen:

Setting the value of cookie_samesite value to None in airflow.cfg should be supported.

How to reproduce it:

1. Set the value of cookie_samesite under the webserver section of airflow.cfg to None.
2. Restart the airflow webserver.
3. Open the webserver url in a browser and the error will appear.

Anything else we need to know:

The error occurs because the version of werkzeug supported by airflow does not set the SameSite attribute of a cookie to None correctly. Version 1.0.0 has the fix for this but in #7377 the version required by airflow was pinned to <1.0.0.

[boring-cyborg]

Thanks for opening your first issue here! Be sure to follow the issue template!

[kurtqq]

@pbaisla can you verify #11610 solved the issue?

[kurtqq]

@potiuk i believe this issue is resolved

[kaxil]

Does this occur in 1.10.12 too, if so yeah I am happy to cherry-pick #11610 into v1-10-test and be released in 1.10.13

[ashb]

This has been fixed now.

[arsunda]

Is this only fixed in Airflow 2.0 onwards?