Skip to content

Commit

Permalink
Bump version checked by FAB provider on logout CSRF protection to 2.10.0
Browse files Browse the repository at this point in the history 
Unfortunately version check on auh manager for logout CSRF protection
assumed that the fix to CSRF protection will be merged in 2.9.3, but
it was not, so we have to bump the minimum version it is supported
to 2.10.0.

Related: apache#40470
Related: apache#40479
  • Loading branch information
@potiuk
potiuk committed Jul 15, 2024
1 parent d699087 commit 4f596cb
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions airflow/providers/fab/auth_manager/security_manager/override.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,8 +132,8 @@
# allows utilizing the GET method for them.
# You could remove the patch and configure it when it is supported
# natively by Flask-AppBuilder (https://github.com/dpgaspar/Flask-AppBuilder/issues/2248)
if packaging.version.parse(packaging.version.parse(airflow_version).base_version) <= packaging.version.parse(
"2.9.2"
if packaging.version.parse(packaging.version.parse(airflow_version).base_version) < packaging.version.parse(
"2.10.0"
):
_methods = ["GET", "POST"]
else:
Expand Down

0 comments on commit 4f596cb

Please sign in to comment.