XD-DENG commented on issue #3729: [AIRFLOW-2884] Fix Flask SECRET_KEY security issue in www_rbac URL: https://github.com/apache/incubator-airflow/pull/3729#issuecomment-412129544 Hi @kaxil , I have realised this method will cause CSRF error `The CSRF session token is missing` when we have multiple workers for `webserver` (we generate random secret_key for each worker, and then they're not consistent among workers). But I think it's still very necessary to have `as random secret_key as possible`. One feasible way is to generate it like how we generate `fernet_key`. I will raise a separate PR to address this and ping you then. Sorry for the inconvenience caused.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services