Uploaded image for project: 'Apache Airflow'
  1. Apache Airflow
  2. AIRFLOW-2866

Missing CSRF Token Error on Web RBAC UI Create/Update Operations

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.0
    • Fix Version/s: 1.10.2
    • Component/s: ui
    • Labels:

      Description

      Attempting to modify or delete many resources (such as Connections or Users) results in a 400 from the webserver:

      Bad Request
      The CSRF session token is missing.

      Logs report:

      [2018-08-07 18:45:15,771] {csrf.py:251} INFO - The CSRF session token is missing.
      192.168.9.1 - - [07/Aug/2018:18:45:15 +0000] "POST /admin/connection/delete/ HTTP/1.1" 400 150 "http://localhost:8081/admin/connection/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36"

      Chrome dev tools show the CSRF token is present in the request payload.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                jakahn Jasper Kahn
              • Votes:
                0 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: