[airflow] 22/31: Set X-Frame-Options header to DENY only if X_FRAME_ENABLED is set to true. (#19491)

ephraimanierobi Tue, 22 Mar 2022 12:47:16 -0700

This is an automated email from the ASF dual-hosted git repository.

ephraimanierobi pushed a commit to branch v2-2-test
in repository https://gitbox.apache.org/repos/asf/airflow.git


commit 58f09cdadbc2ff6e0d46a2c1aa0d71740f343097
Author: Kanthi <subkan...@gmail.com>
AuthorDate: Sat Jan 22 18:09:51 2022 -0500

    Set X-Frame-Options header to DENY only if X_FRAME_ENABLED is set to true. 
(#19491)
    
    (cherry picked from commit 084079f446570ba43114857ea1a54df896201419)
---
 airflow/www/extensions/init_security.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/airflow/www/extensions/init_security.py 
b/airflow/www/extensions/init_security.py
index 544deeb..2481a96 100644
--- a/airflow/www/extensions/init_security.py
+++ b/airflow/www/extensions/init_security.py
@@ -35,7 +35,8 @@ def init_xframe_protection(app):
         return
 
     def apply_caching(response):
-        response.headers["X-Frame-Options"] = "DENY"
+        if not x_frame_enabled:
+            response.headers["X-Frame-Options"] = "DENY"
         return response
 
     app.after_request(apply_caching)

[airflow] 22/31: Set X-Frame-Options header to DENY only if X_FRAME_ENABLED is set to true. (#19491)

Reply via email to