"Search" Panel in Security Menu Inaccessible in Airflow 3.0.2
Apache Airflow version
3.0.2
If "Other Airflow 2 version" selected, which one?
No response
What happened?
Hi Airflow team,
I'm encountering an issue with the Airflow UI in version 3.0.2. The "Search" panel under the Security menu appears to be inaccessible. When I attempt to click on it, nothing happens—there is no response or error message in the UI, and the panel does not open.
What you think should happen instead?
Expected behavior: when clicking on Search, a search panel appears.
How to reproduce
Steps to reproduce:
1. Navigate to the Airflow web UI (v3.0.2).
2. Go to the Security menu.
3. Attempt to access the Search panel.
Operating System
debian
Versions of Apache Airflow Providers
Deployment
Official Apache Airflow Helm Chart
Deployment details
Navigate to the Airflow web UI (v3.0.2). Go to the Security menu. Attempt to access the Search panel. Expected behavior: The Search panel should open and allow interaction as expected.
Anything else?
Tested in Chrome, Firefox and Edge.
Are you willing to submit PR?
- [ ] Yes I am willing to submit a PR!
Code of Conduct
- [x] I agree to follow this project's Code of Conduct
Thanks for opening your first issue here! Be sure to follow the issue template! If you are willing to raise PR to address this issue please do so, no need to wait for approval.
Hi, could you provide a screenshot to help us better understand this issue?
Hi Guys,
When you click on search or action, the UI does not react.
FYI, another issue to open... when you click save, the UI does not react (for role and user at least), and if you click back, a white screen appears:
Hi @carlos54, I think this issue is related to this one: #50373.
Because the script is blocked, these buttons cannot work.
Line 49 in airflow/airflow-core/src/airflow/ui/src/pages/Security.tsx
I have tried changing this line into sandbox="allow-scripts allow-same-origin allow-forms", and the buttons can work. However, this might not be a good way to solve this issue.
Here's how I patched the image for my Docker-based Airflow installation:
```dockerfile
FROM apache/airflow:3.0.2
RUN sed -i 's/sandbox:"allow-same-origin allow-forms"/sandbox:"allow-scripts allow-same-origin allow-forms"/' /home/airflow/.local/lib/python3.12/site-packages/airflow/ui/dist/assets/index-*.js
```
Like @Jasperora mentioned, this is a quick fix for dev / testing before the issue is probably fixed.
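The `sed` substitution above exits successfully even when it matches nothing, so a rebuilt image can silently ship the unpatched bundle. The following check is an added example, not part of the original comment or the Airflow project; the function names and the sample bundle contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the iframe sandbox values found in built UI bundles.

# Prints "patched" when every sandbox:"..." value in DIR/index-*.js includes
# allow-scripts, "unpatched" when at least one lacks it, and "absent" when no
# such value exists (the case where the sed expression is a silent no-op).
sandbox_state() {
    dir=$1
    values=$(grep -ohE 'sandbox:"[^"]*"' "$dir"/index-*.js 2>/dev/null | sort -u)
    if [ -z "$values" ]; then
        echo absent
    elif printf '%s\n' "$values" | grep -qv 'allow-scripts'; then
        echo unpatched
    else
        echo patched
    fi
}

# Runs the check against constructed stand-ins for a minified bundle
# (not the real Airflow asset) before and after the substitution.
demo() {
    tmp=$(mktemp -d)
    f="$tmp/index-abc123.js"
    printf '%s\n' 'x.jsx("iframe",{sandbox:"allow-same-origin allow-forms",src:u})' > "$f"
    before=$(sandbox_state "$tmp")

    # Same expression as the Dockerfile, written without -i for portability.
    sed 's/sandbox:"allow-same-origin allow-forms"/sandbox:"allow-scripts allow-same-origin allow-forms"/' \
        "$f" > "$tmp/out" && mv "$tmp/out" "$f"
    after=$(sandbox_state "$tmp")

    # A bundle with no sandbox property at all: sed would change nothing.
    printf '%s\n' 'x.jsx("iframe",{src:u})' > "$f"
    changed=$(sandbox_state "$tmp")

    rm -rf "$tmp"
    echo "$before $after $changed"
}

# With a directory argument, check that directory; otherwise run the demo.
if [ "$#" -gt 0 ]; then sandbox_state "$1"; else demo; fi
```

Pointing `sandbox_state` at the assets directory named in the Dockerfile after the `sed` step shows whether the image actually carries the changed attribute.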
This is related to CSP. This was discussed in https://github.com/apache/airflow/issues/49895, you should configure the appropriate rule at your proxy level. (allowing scripting and the appropriate domains). Closing.
Feel free to reopen if needed.
We still need to enable script on the iframe, solved in https://github.com/apache/airflow/pull/52257.