NanineO opened a new issue, #43592: URL: https://github.com/apache/airflow/issues/43592
### Apache Airflow version 2.10.2 ### If "Other Airflow 2 version" selected, which one? _No response_ ### What happened? After upgrading to version 2.10.2 (from 2.8.2) when logging out from the web UI, I get the following error: `"POST /logout/ HTTP/1.1" 405 463 "https://tst-airflow........./home"; ` It might be that this error originates from our side. So, I wanted to avoid the POST-method. I am using Keycloak for authentication, and part of the code is this: ``` from airflow.www.fab_security.manager import AUTH_OAUTH from airflow.providers.fab.auth_manager.security_manager.override import FabAirflowSecurityManagerOverride ... class CustomAuthRemoteUserView(AuthOAuthView): @expose("/logout/") def logout(self): """Delete access token before logging out.""" return super().logout() class CustomSecurityManager(FabAirflowSecurityManagerOverride): authoauthview = CustomAuthRemoteUserView ``` I hoped to solve my 405-463 error by overriding this new code in https://github.com/shahar1/airflow/blob/main/providers/src/airflow/providers/fab/auth_manager/security_manager/override.py : ``` # The following logic patches the logout method within AuthView, so it supports POST method # to make CSRF protection effective. It is backward-compatible with Airflow versions <= 2.9.2 as it still # allows utilizing the GET method for them. # You could remove the patch and configure it when it is supported # natively by Flask-AppBuilder (https://github.com/dpgaspar/Flask-AppBuilder/issues/2248) if packaging.version.parse(packaging.version.parse(airflow_version).base_version) < packaging.version.parse( "2.10.0" ): _methods = ["GET", "POST"] else: _methods = ["POST"] class _ModifiedAuthView(AuthView): @expose("/logout/", methods=_methods) def logout(self): return super().logout() for auth_view in [AuthDBView, AuthLDAPView, AuthOAuthView, AuthOIDView, AuthRemoteUserView]: auth_view.__bases__ = (_ModifiedAuthView,) ``` and to use my class CustomAuthRemoteUserView again. But I don't succeed. Is it even possible to override that new class _ModifiedAuthView? ### What you think should happen instead? I would have expected that my old override for logout still would work. I am afraid that the new class _ModifiedAuthView that has been added to __bases__ is dominating now. ### How to reproduce I think that viewing the code and overthinking how this newly added code for logout can be overridden will be sufficient. ### Operating System Kubernetes, via Helm-installation. (User Community, version 8.9.0) ### Versions of Apache Airflow Providers apache-airflow-providers-fab 1.3.0 ### Deployment Other 3rd-party Helm chart ### Deployment details Helm chart from User Community, version 8.9.0 ### Anything else? _No response_ ### Are you willing to submit PR? - [ ] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
