shaealh opened a new pull request, #69898: URL: https://github.com/apache/airflow/pull/69898
The AWS auth manager determined the JWT cookie's `Secure` flag only from `api.ssl_cert`. Deployments terminating TLS at a reverse proxy normally leave that setting empty, causing the login callback to emit a non-Secure session cookie even when the request scheme is HTTPS. This applies the proxy-aware scheme-or-certificate check already used by the core, FAB, and Keycloak auth managers. It also adds regression coverage for an HTTPS request without a locally configured certificate. related: #47878 ### Validation - Ruff formatting and lint checks passed. - Provider tests are delegated to GitHub Actions because no Docker runtime is available locally. --- ##### Was generative AI tooling used to co-author this PR? - [X] Yes — Codex (GPT-5) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
