API Authentication

The API authentication is handled by the auth manager. For more information about API authentication, please refer to the auth manager documentation used by your environment. By default Airflow uses the FAB auth manager, if you did not specify any other auth manager, please look at API Authentication.

Enabling CORS

Cross-origin resource sharing (CORS) is a browser security feature that restricts HTTP requests that are initiated from scripts running in the browser.

Access-Control-Allow-Headers, Access-Control-Allow-Methods, and Access-Control-Allow-Origin headers can be added by setting values for access_control_allow_headers, access_control_allow_methods, and access_control_allow_origins options in the [api] section of the airflow.cfg file.

access_control_allow_headers = origin, content-type, accept
access_control_allow_methods = POST, GET, OPTIONS, DELETE
access_control_allow_origins = https://exampleclientapp1.com https://exampleclientapp2.com

Page size limit

To protect against requests that may lead to application instability, the stable API has a limit of items in response. The default is 100 items, but you can change it using maximum_page_limit option in [api] section in the airflow.cfg file.

Was this entry helpful?