Codingaditya17 commented on issue #67476: URL: https://github.com/apache/airflow/issues/67476#issuecomment-4535320569
I opened a PR for this here: https://github.com/apache/airflow/pull/67483 The fix updates the SimpleAuthManager `/auth/token/login` flow to preserve the `next` query parameter after setting the `_token` cookie. If `next` is present and safe, the user is redirected back to the originally requested deep link. If it is missing or unsafe, it falls back to the existing homepage/base URL behavior. I also reused the existing `is_safe_url` helper to avoid introducing an open redirect issue, and added regression tests for both safe internal `next` URLs and unsafe external `next` URLs. Local test run: ```bash uv run pytest airflow-core/tests/unit/api_fastapi/auth/managers/simple/routes/test_login.py -q 11 passed, 1 warning -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
