This is an automated email from the ASF dual-hosted git repository. ephraimanierobi pushed a commit to branch v2-2-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 58f09cdadbc2ff6e0d46a2c1aa0d71740f343097 Author: Kanthi <subkan...@gmail.com> AuthorDate: Sat Jan 22 18:09:51 2022 -0500 Set X-Frame-Options header to DENY only if X_FRAME_ENABLED is set to true. (#19491) (cherry picked from commit 084079f446570ba43114857ea1a54df896201419) --- airflow/www/extensions/init_security.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/airflow/www/extensions/init_security.py b/airflow/www/extensions/init_security.py index 544deeb..2481a96 100644 --- a/airflow/www/extensions/init_security.py +++ b/airflow/www/extensions/init_security.py @@ -35,7 +35,8 @@ def init_xframe_protection(app): return def apply_caching(response): - response.headers["X-Frame-Options"] = "DENY" + if not x_frame_enabled: + response.headers["X-Frame-Options"] = "DENY" return response app.after_request(apply_caching)