Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Describe problems and solutions involving CSP headers #3883
This PR just adds a section to the documentation describing problems and solutions to serving jupyter from a public server that uses the Content-Security-Policy (CSP) header.
I ran into these problems using the latest docker container
Now, because we have lots of different web apps running, we try to follow basic security guidelines — specifically Mozilla's guidelines, which includes a recommendation to use a restrictive CSP. I believe the problem is that our CSP includes
to the CSP, at least for the subdirectory where I'm serving jupyter. Now, everything's working great. (I also noticed that
I had a harder time than I should have figuring that out (because I was looking for 404s, and forgot to check the console for a while), so I'm hoping this at least shows up in search engines for people like me who just searched for the problem first.