Describe problems and solutions involving CSP headers #3883
This PR just adds a section to the documentation describing problems and solutions to serving jupyter from a public server that uses the Content-Security-Policy (CSP) header.
I ran into these problems using the latest docker container
Now, because we have lots of different web apps running, we try to follow basic security guidelines — specifically Mozilla's guidelines, which includes a recommendation to use a restrictive CSP. I believe the problem is that our CSP includes
to the CSP, at least for the subdirectory where I'm serving jupyter. Now, everything's working great. (I also noticed that
I had a harder time than I should have figuring that out (because I was looking for 404s, and forgot to check the console for a while), so I'm hoping this at least shows up in search engines for people like me who just searched for the problem first.