CSRF Token not included in request header

[lbrack1]

Apache Airflow version:
1.10.9

Environment:
Google Cloud Compute Instance

• OS (e.g. from /etc/os-release):
  Red Hat Enterprise Linux Server
  Version 7.7
• Kernel (e.g. uname -a):
• Install tools:
• Others:

What happened:

After rebuilding an Airflow environment I started experiencing that DAGS could not be toggled on/off via the UI. It appears the CSRF token is not being included in the request.

What you expected to happen:

CSRF token to be included in the header request

What I think went wrong:

Underlying package has been updated. If I rollback my image Airflow is working. Comparing the images I can see that some underlying packages have been updated.

Pip3 output from working Airflow image vs broken Airflow image shows that some dependencies have been updated.

These are:

cattrs 0.9.0 --> cattrs 0.9.2
cryptography 2.9 --> 2.9.2
Flask-AppBuilder 2.3.2 --> Flask-AppBuilder 2.3.3
google-api-python-client 1.8.0 --> google-api-python-client 1.8.2
googl-auth 1.14.0 --> googl-auth 1.14.1
google-cloud-storage 1.27.0 --> google-cloud-storage 1.27.1
graphviz 0.13.2 --> graphviz 0.14
grpc-google-iam-v1 0.11.4 --> grpc-google-iam-v1 0.12.3
httplib2 0.17.2 --> httplib2 0.17.3
marshmallow-sqlalchemy 0.22.3 --> marshmallow-sqlalchemy 0.23.0
numpy 1.18.2 --> numpy 1.18.3
pydata-googl-auth 0.3.0 --> 1.1.0
urllib3 1.25.8 --> urllib3 1.25.9
WTForms 2.2.1 --> WTForms 2.3.1

Full pip3 list output for not working Airflow instance:

Package                        Version
------------------------------ ----------
alembic                        1.4.2
amqp                           2.5.2
apache-airflow                 1.10.9
apispec                        1.3.3
argcomplete                    1.11.1
attrs                          19.3.0
Babel                          2.8.0
bcrypt                         3.1.7
billiard                       3.6.3.0
cached-property                1.5.1
cachetools                     4.1.0
cattrs                         0.9.2
celery                         4.4.2
certifi                        2020.4.5.1
cffi                           1.14.0
chardet                        3.0.4
click                          7.1.1
colorama                       0.4.3
colorlog                       4.0.2
configparser                   3.5.3
croniter                       0.3.31
cryptography                   2.9.2
defusedxml                     0.6.0
dill                           0.3.1.1
dnspython                      1.16.0
docutils                       0.16
email-validator                1.0.5
Flask                          1.1.2
Flask-Admin                    1.5.4
Flask-AppBuilder               2.3.3
Flask-Babel                    1.0.0
Flask-Bcrypt                   0.7.1
Flask-Caching                  1.3.3
Flask-JWT-Extended             3.24.1
Flask-Login                    0.4.1
Flask-OpenID                   1.2.5
Flask-SQLAlchemy               2.4.1
flask-swagger                  0.2.13
Flask-WTF                      0.14.3
flower                         0.9.4
funcsigs                       1.0.2
future                         0.16.0
google-api-core                1.17.0
google-api-python-client       1.8.2
google-auth                    1.14.1
google-auth-httplib2           0.0.3
google-auth-oauthlib           0.4.1
google-cloud-bigquery          1.24.0
google-cloud-bigtable          0.33.0
google-cloud-container         0.5.0
google-cloud-core              1.3.0
google-cloud-dlp               0.14.0
google-cloud-language          1.3.0
google-cloud-spanner           1.9.0
google-cloud-speech            1.3.2
google-cloud-storage           1.28.0
google-cloud-texttospeech      1.0.1
google-cloud-translate         2.0.1
google-cloud-videointelligence 1.14.0
google-cloud-vision            1.0.0
google-resumable-media         0.5.0
googleapis-common-protos       1.51.0
graphviz                       0.14
grpc-google-iam-v1             0.12.3
grpcio                         1.28.1
grpcio-gcp                     0.2.2
gunicorn                       19.10.0
httplib2                       0.17.3
humanize                       0.5.1
idna                           2.9
importlib-metadata             1.6.0
iso8601                        0.1.12
itsdangerous                   1.1.0
Jinja2                         2.10.3
json-merge-patch               0.2
jsonschema                     3.2.0
kombu                          4.6.8
lazy-object-proxy              1.4.3
lockfile                       0.12.2
Mako                           1.1.2
Markdown                       2.6.11
MarkupSafe                     1.1.1
marshmallow                    2.21.0
marshmallow-enum               1.5.1
marshmallow-sqlalchemy         0.23.0
numpy                          1.18.3
oauthlib                       3.1.0
pandas                         0.25.3
pandas-gbq                     0.13.1
paramiko                       1.10.5
pendulum                       1.4.4
pip                            19.0.3
prison                         0.1.3
protobuf                       3.11.3
psutil                         5.7.0
psycopg2-binary                2.8.5
pyasn1                         0.4.8
pyasn1-modules                 0.2.8
pycparser                      2.20
pycrypto                       2.6.1
pydata-google-auth             1.1.0
Pygments                       2.6.1
PyJWT                          1.7.1
pyOpenSSL                      19.1.0
pyrsistent                     0.16.0
python-daemon                  2.1.2
python-dateutil                2.8.1
python-editor                  1.0.4
python3-openid                 3.1.0
pytz                           2019.3
pytzdata                       2019.3
PyYAML                         5.3.1
redis                          3.4.1
requests                       2.23.0
requests-oauthlib              1.3.0
rsa                            4.0
setproctitle                   1.1.10
setuptools                     40.8.0
six                            1.14.0
slackclient                    1.3.2
SQLAlchemy                     1.3.16
SQLAlchemy-JSONField           0.9.0
SQLAlchemy-Utils               0.36.3
tabulate                       0.8.7
tenacity                       4.12.0
termcolor                      1.1.0
text-unidecode                 1.2
thrift                         0.13.0
tornado                        5.1.1
typing-extensions              3.7.4.2
tzlocal                        1.5.1
unicodecsv                     0.14.1
uritemplate                    3.0.1
urllib3                        1.25.9
vine                           1.3.0
websocket-client               0.54.0
Werkzeug                       0.16.0
WTForms                        2.3.1
zipp                           3.1.0
zope.deprecation               4.4.0
-----------------------------------------

[boring-cyborg]

Thanks for opening your first issue here! Be sure to follow the issue template!

[XD-DENG]

Thanks @lbrack1 for reporting the issue.

I can confirm that I can reproduce the issue. And I agree on your reasoning.

I Will confirm which dependency cause it and revert here

[XD-DENG]

Hi @lbrack1 , I have confirmed that after downgrading Flask-AppBuilder to 2.3.2, the issue is fixed. You may try at your side as well.

I will also prepare a PR for this.

Thanks again for sharing the issue quickly!

[kaxil]

Duplicate of #8599 and solved in #8602