| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| from __future__ import annotations |
| |
| import logging |
| from importlib import import_module |
| |
| from flask import redirect, request |
| |
| from airflow.configuration import conf |
| from airflow.exceptions import AirflowConfigException, AirflowException |
| from airflow.www.extensions.init_auth_manager import get_auth_manager |
| |
| log = logging.getLogger(__name__) |
| |
| |
| def init_xframe_protection(app): |
| """ |
| Add X-Frame-Options header. |
| |
| Use it to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites. |
| |
| See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options |
| """ |
| x_frame_enabled = conf.getboolean("webserver", "X_FRAME_ENABLED", fallback=True) |
| if x_frame_enabled: |
| return |
| |
| def apply_caching(response): |
| response.headers["X-Frame-Options"] = "DENY" |
| return response |
| |
| app.after_request(apply_caching) |
| |
| |
| def init_api_experimental_auth(app): |
| """Load authentication backends.""" |
| auth_backends = "airflow.api.auth.backend.default" |
| try: |
| auth_backends = conf.get("api", "auth_backends") |
| except AirflowConfigException: |
| pass |
| |
| app.api_auth = [] |
| try: |
| for backend in auth_backends.split(","): |
| auth = import_module(backend.strip()) |
| auth.init_app(app) |
| app.api_auth.append(auth) |
| except ImportError as err: |
| log.critical("Cannot import %s for API authentication due to: %s", backend, err) |
| raise AirflowException(err) |
| |
| |
| def init_cache_control(app): |
| def apply_cache_control(response): |
| if "Cache-Control" not in response.headers: |
| response.headers["Cache-Control"] = "no-store" |
| return response |
| |
| app.after_request(apply_cache_control) |
| |
| |
| def init_check_user_active(app): |
| @app.before_request |
| def check_user_active(): |
| url_logout = get_auth_manager().get_url_logout() |
| if request.path == url_logout: |
| return |
| if get_auth_manager().is_logged_in() and not get_auth_manager().get_user().is_active: |
| return redirect(url_logout) |