Lee-W commented on code in PR #66503:
URL: https://github.com/apache/airflow/pull/66503#discussion_r3257316326
##########
airflow-core/src/airflow/config_templates/config.yml:
##########
@@ -1794,6 +1794,16 @@ api:
version_added: 2.2.0
example: ~
default: ""
+ access_control_allow_credentials:
+ description: |
+ Whether the FastAPI server includes the
``Access-Control-Allow-Credentials`` header on
+ CORS responses. Defaults to True to preserve existing behavior; set to
False if you have
+ configured ``access_control_allow_origins`` and do not want browsers
to send credentials
+ (cookies, Authorization header) with cross-origin requests.
+ type: boolean
+ version_added: 3.2.0
Review Comment:
```suggestion
version_added: 3.2.2
```
if we're to backport it
##########
airflow-core/tests/unit/api_fastapi/core_api/test_app.py:
##########
@@ -116,3 +116,29 @@ def test_gzip_middleware_should_not_be_chunked(self,
test_client) -> None:
# Ensure we do not reintroduce Transfer-Encoding: chunked
assert "transfer-encoding" not in headers
+
+
+class TestCorsMiddlewareAllowCredentials:
+ @pytest.mark.parametrize(
+ ("config_value", "expected_allow_credentials"),
+ [(None, True), ("True", True), ("False", False)],
+ )
+ def test_init_config_passes_allow_credentials(self, config_value,
expected_allow_credentials):
+ from fastapi import FastAPI
Review Comment:
Could we import these into the top-level?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
