Used in conjunction with D7805
Details
manual run in dagit & network tab confirms that the "authorization" header is present
Diff Detail
- Repository
- R1 dagster
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
Hmm I think this works for now because we're planning on using the authToken primarily to attribute runs, etc. to different users, but I think if we really wanted security we'd need to add auth to the websockets interface as well (or stop using it), right? I wonder if we should add a small comment in here explaining that there are still un-authorized GraphQL requests being made from the app in the few places we need websockets?
Yup this all makes sense. I'll add a comment - I think we're doing pretty extensive work on getting a more full-blown auth done on the backend, I just figured that this would be a way to get a pluggable header in the HTTP requests if needed. I think I'll rename to headerAuthToken instead of authToken so it's clear that the token is attached to a header.