Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request] Define an allow_headers parameter in NotebookApp similar to Kernel gateway app. #2644

Closed
SimonBiggs opened this issue Jul 9, 2017 · 3 comments
Closed

[Feature Request] Define an allow_headers parameter in NotebookApp similar to Kernel gateway app. #2644

SimonBiggs opened this issue Jul 9, 2017 · 3 comments
Labels
status:resolved-locked
Milestone
Reference

Comments

@SimonBiggs
Copy link

SimonBiggs commented Jul 9, 2017
edited
Loading

The KernelGatewayApp class has a parameter called allow_headers. When trying to communicate to the server to achieve kernel tasks from another origin both allow_origin and allow_headers parameters need to be used as so:

jupyter kernelgateway --KernelGatewayApp.allow_origin='http://localhost:5000' --KernelGatewayApp.allow_headers='X-XSRFToken,Content-Type' --JupyterWebsocketPersonality.list_kernels=True

I have not been able to access kernel creation from another origin when using the NotebookApp. I retrieve errors that the headers X-XSRFToken are not allowed.

I'm not sure how to fix this myself as of yet. I can investigate deeper, but I thought there might be value in checking with you guys.
@SimonBiggs SimonBiggs changed the title [Feature Request] Define a allow_headers parameter in NotebookApp similar to Kernel gateway app. [Feature Request] Define an allow_headers parameter in NotebookApp similar to Kernel gateway app. Jul 9, 2017
@SimonBiggs SimonBiggs mentioned this issue Sep 17, 2017
Open
@rgbkrk
Copy link
Member

rgbkrk commented Sep 17, 2017

I think the token semantics are different and that you'd have to turn off the XSRF protection and enable token only access.

@SimonBiggs
Copy link
Author

SimonBiggs commented Sep 17, 2017
edited
Loading

One justification behind this was I was pretty keen to be able to work on writing a jupyterlab extension, have the extension hosted using a webpack dev server, and have the notebook server running in an "allow origin" mode from the webpack dev server.

It would be nice to be able to develop a jupyterlab extension and have the web browser automatically update as I write. Is there another way people have been achieving this during jupyterlab development?

I figured all I would need to do is boot up the notebook server with allow origins (and headers + methods), then update the jupyterlab settings services to point to the notebook server port. That way I can go to town with the benefits of the webpack dev server. Benefits such as webpack building everything directly in RAM instead of on disk and then via change detection rebuilding the necessary parts very quickly, and then auto refreshing the page. It makes development very nice. I figured it was worth trying to get up and running for the purpose of writing my extension.

@SimonBiggs
Copy link
Author

Hi @rgbkrk for my immediate purposes disabling xsrf protection and using token only access worked.

NotebookApp.launch_instance(
        port=KERNEL_PORT, ip=ip, port_retries=0,
        allow_origin=allow_origin,
        certfile=certificate, 
        keyfile=key,
        token=auth_token,
        password='',
        open_browser=False,
        tornado_settings={
            "xsrf_cookies": False
        })

@lresende lresende mentioned this issue Oct 4, 2017
Merged
@minrk minrk added this to the Reference milestone Sep 13, 2018
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 5, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
status:resolved-locked
Projects
None yet
Milestone
Reference
Development

No branches or pull requests
3 participants
@minrk @rgbkrk @SimonBiggs