ashb commented on code in PR #47432:
URL: https://github.com/apache/airflow/pull/47432#discussion_r1993302546
##########
providers/fab/src/airflow/providers/fab/www/views.py:
##########
@@ -70,7 +71,9 @@ class FabIndexView(IndexView):
def index(self):
if g.user is not None and g.user.is_authenticated:
token = get_auth_manager().get_jwt_token(g.user)
- return redirect(urljoin(conf.get("api", "base_url"),
f"?token={token}"), code=302)
+ response = make_response(redirect(f"{conf.get('api',
'base_url')}", code=302))
+ response.set_cookie("_token", token)
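Review bot: the `response.set_cookie("_token", token)` call on the last added line passes no cookie attributes, so `secure`, `httponly`, `samesite`, `max_age` and `path` are all left to their defaults for a cookie that carries the JWT. Moving the token out of the `?token=` query string keeps it out of the redirect URL, but the cookie scope should be stated explicitly here: set `samesite` to a deliberate value, derive `secure` from whether the deployment is served over HTTPS rather than hard-coding it, and give the cookie a lifetime no longer than the token's own. If the front end has to read the cookie from JavaScript, `httponly` cannot be set, which is worth a comment in the code so the omission reads as intentional. Minor style point on the line above: the f-string wrapper in `f"{conf.get('api', 'base_url')}"` adds nothing and `conf.get("api", "base_url")` can be passed to `redirect` directly.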
Review Comment:
We _can't_ use `httponly` here as we need it to be readable from the JS front
end, don't we?
And can we set `secure` for localhost when there might not be https set up?