Uploaded image for project: 'Apache Airflow'
  1. Apache Airflow
  2. AIRFLOW-2886

Secure Flask SECRET_KEY

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • None
    • 2.0.0
    • None
    • None

    Description

      In my earlier PRs, https://github.com/apache/incubator-airflow/pull/3651 and https://github.com/apache/incubator-airflow/pull/3729 , I proposed to generate random SECRET_KEY for Flask App.

      If we have multiple workers for the Flask webserver, we may encounter CSRF error The CSRF session token is missing .

      On the other hand, it's still very important to have as random SECRET_KEY as possible for security reasons. We can deal with it like how we dealt with FERNET_KEY (i.e. generate a random value when the airflow.cfg file is initiated).

      Attachments

        Issue Links

          Activity

            People

              xddeng Xiaodong Deng
              xddeng Xiaodong Deng
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: