Update security_model.rst to clear unauthenticated endpoints exceptio…

…ns (apache#42057) * Update security_model.rst Fixing confusion on exception to unauthenticated endpoints. * Update security_model.rst Fixed grammar and spell mistakes. * Update docs/apache-airflow/security/security_model.rst * Update docs/apache-airflow/security/security_model.rst --------- Co-authored-by: Jarek Potiuk <[email protected]>
aws-mwaa · Sep 7, 2024 · 6f0af88 · 6f0af88
1 parent 025ce81
commit 6f0af88
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/docs/apache-airflow/security/security_model.rst b/docs/apache-airflow/security/security_model.rst
@@ -81,7 +81,7 @@ Non-authenticated UI users
 ..........................
 
 Airflow doesn't support unauthenticated users by default. If allowed, potential vulnerabilities
-must be assessed and addressed by the Deployment Manager.
+must be assessed and addressed by the Deployment Manager. However, there are exceptions to this. The ``/health`` endpoint responsible to get health check updates should be publicly accessible. This is because other systems would want to retrieve that information. Another exception is the ``/login`` endpoint, as the users are expected to be unauthenticated to use it.
 
 Capabilities of authenticated UI users
 --------------------------------------