Re: [PR] Fix redirection to 'next' url raises an unsafe error [airflow]
gyanprakash48 commented on PR #55704: URL: https://github.com/apache/airflow/pull/55704#issuecomment-3674584661 Thanks! , yes that solved đź‘Ť -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
Re: [PR] Fix redirection to 'next' url raises an unsafe error [airflow]
sjyangkevin commented on PR #55704: URL: https://github.com/apache/airflow/pull/55704#issuecomment-3673460625 Thanks @jason810496 . I think it could be the issue. @gyanprakash48 could you try out the setting @jason810496 suggest? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
Re: [PR] Fix redirection to 'next' url raises an unsafe error [airflow]
gyanprakash48 commented on PR #55704:
URL: https://github.com/apache/airflow/pull/55704#issuecomment-3671232561
@sjyangkevin i am still facing this error , i am on helm chart 1.18.0 and
and then using image defaultAirflowTag: "3.1.5" . I set
AIRFLOW__WEBSERVER__BASE_URL as well in apiserver , but still error persist.
{"detail":"Invalid or unsafe next URL"}. i can see next path is url encoded .
any help what i need to do ? (if i manually remove url encoding in browser
then it works, that specific navigation)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
Re: [PR] Fix redirection to 'next' url raises an unsafe error [airflow]
sjyangkevin commented on PR #55704: URL: https://github.com/apache/airflow/pull/55704#issuecomment-3298185195 Thanks for the feedback. Will make the change and add the test case -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
Re: [PR] Fix redirection to 'next' url raises an unsafe error [airflow]
pierrejeambrun merged PR #55704: URL: https://github.com/apache/airflow/pull/55704 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
Re: [PR] Fix redirection to 'next' url raises an unsafe error [airflow]
jason810496 commented on PR #55704: URL: https://github.com/apache/airflow/pull/55704#issuecomment-3301191926 > Yes. In the case of target url is "relative" to the base url, the additional check there will fail to unquote the target url. Thanks for pointing this out. Thanks for the update! Having unquote in the loop make more sense to me. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
Re: [PR] Fix redirection to 'next' url raises an unsafe error [airflow]
sjyangkevin commented on PR #55704: URL: https://github.com/apache/airflow/pull/55704#issuecomment-3300844519 Thanks @pierrejeambrun , @jason810496 > I think we should always unquote. > can you add a test where the target url is “relative” to the base url (I.e nested down the path). > I think with the current code that wouldn’t work, but it should. > For instance: "https%3A%2F%2Frequesting_server_base_url.com%2Fprefix2%2Fsub_path” Yes. In the case of target url is "relative" to the base url, the additional check there will fail to unquote the target url. Thanks for pointing this out. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
[PR] Fix redirection to 'next' url raises an unsafe error [airflow]
sjyangkevin opened a new pull request, #55704:
URL: https://github.com/apache/airflow/pull/55704
Close: #55473
### why
The `is_safe_url` method will return `False` when the `target_url` is
encoded and it is the same as either `base_url` or `request.base_url`.
Therefore, we will unquote it before joining with base.
https://github.com/apache/airflow/issues/55143#issuecomment-3275754077
#55473
---
**^ Add meaningful description above**
Read the **[Pull Request
Guidelines](https://github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#pull-request-guidelines)**
for more information.
In case of fundamental code changes, an Airflow Improvement Proposal
([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvement+Proposals))
is needed.
In case of a new dependency, check compliance with the [ASF 3rd Party
License Policy](https://www.apache.org/legal/resolved.html#category-x).
In case of backwards incompatible changes please leave a note in a
newsfragment file, named `{pr_number}.significant.rst` or
`{issue_number}.significant.rst`, in
[airflow-core/newsfragments](https://github.com/apache/airflow/tree/main/airflow-core/newsfragments).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
