Skip to content

Add back ProxyFix Middleware for flask app builder #49942

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
vincbeck merged 6 commits into from
Apr 30, 2025
Merged

Add back ProxyFix Middleware for flask app builder #49942

vincbeck merged 6 commits into from
Apr 30, 2025

Conversation

@gschuurman
Copy link
Contributor

@gschuurman gschuurman commented Apr 29, 2025
edited
Loading

Fixes: #49781
Fixes: #49705

Add back the Removed ProxyFix Middleware to allow Oauth2 authentication when using a reverse proxy like nginx or traefik.

When not using proxyFix the redirect_url incorectly gets set to http:// instead of the expected https://, This breaks many authentication flows, especially azure, which does not allow http:// redirect_urls for anything other than localhost.

^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named {pr_number}.significant.rst or {issue_number}.significant.rst, in airflow-core/newsfragments.

@gschuurman gschuurman requested a review from vincbeck as a code owner April 29, 2025 09:25
Add back ProxyFix Middleware for flask app builder
5fb1acd 
Fixes Issues apache#49781 apache#49705

Add back the Removed ProxyFix Middleware to allow Oauth2 authentication
when using a reverse proxy like nginx or traefik.

When not using proxyFix the redirect_url incorectly gets set to http://
instead of the expected https://, This breaks many authentication flows,
especially azure, which does not allow http:// redirect_urls for
anything other than localhost.

Help is needed with adjusting the configuration from webserver to
api-server.
Add config documentation to fab provider
28cbd62 
Add the original proxy_fix documentation back into the FAB provider
package and update the section to match fab instead of websever.
eladkal
eladkal reviewed Apr 29, 2025
View reviewed changes
@vincbeck vincbeck merged commit 59d592f into apache:main Apr 30, 2025
65 checks passed
@vincbeck vincbeck mentioned this pull request Apr 30, 2025
Merged
@eladkal eladkal mentioned this pull request May 14, 2025
Closed
@jedcunningham jedcunningham mentioned this pull request Jun 16, 2025
Closed
25 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eladkal eladkal eladkal left review comments

@vincbeck vincbeck vincbeck approved these changes

Assignees

No one assigned

Labels

area:providers provider:fab

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[3.0.0] Removal of AIRFLOW__WEBSERVER__ENABLE_PROXY_FIX is breaking FAB OAuth sign in SSO over EntraID not working anymore in version 3.0.0

3 participants

@gschuurman @eladkal @vincbeck