Skip to content

Commit

Permalink
Bump version checked by FAB provider on logout CSRF protection to 2.1…
Browse files Browse the repository at this point in the history 
…0.0 (apache#40784)

Unfortunately version check on auh manager for logout CSRF protection
assumed that the fix to CSRF protection will be merged in 2.9.3, but
it was not, so we have to bump the minimum version it is supported
to 2.10.0.

Related: apache#40470
Related: apache#40479
  • Loading branch information
@potiuk @romsharon98
potiuk authored and romsharon98 committed Jul 26, 2024
1 parent 59748d0 commit ea04fa1
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions airflow/providers/fab/auth_manager/security_manager/override.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,8 +132,8 @@
# allows utilizing the GET method for them.
# You could remove the patch and configure it when it is supported
# natively by Flask-AppBuilder (https://github.com/dpgaspar/Flask-AppBuilder/issues/2248)
if packaging.version.parse(packaging.version.parse(airflow_version).base_version) <= packaging.version.parse(
"2.9.2"
if packaging.version.parse(packaging.version.parse(airflow_version).base_version) < packaging.version.parse(
"2.10.0"
):
_methods = ["GET", "POST"]
else:
Expand Down

0 comments on commit ea04fa1

Please sign in to comment.