pierrejeambrun commented on code in PR #64219:
URL: https://github.com/apache/airflow/pull/64219#discussion_r3000570703
##########
airflow-core/src/airflow/api_fastapi/core_api/security.py:
##########
@@ -140,6 +140,13 @@ async def get_user(
token_str = bearer_credentials.credentials
elif oauth_token:
token_str = oauth_token
+ elif request.headers.get("authorization"):
Review Comment:
I would say that if fastapi `bearer_credentials` doesn't find it. It means
that the auth provided is non standard anyway and we should probably continue
the normal flow. (`bearer_credentials` will be None I believe). Checking for
all possible malformed authorization header isn't good. (maybe someone put the
token in a different header completely)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
