New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Jupyterhub cross origin requests #1087
Comments
Unlike the single-user notebook application, JupyterHub doesn't have configuration to disable cross-origin security features. Only token-authenticated requests can be made cross-origin. |
Thanks for the reply. I want to followup to make sure I understand. The request I am making is for login This call is to JupyterHub and not the single user instance. Since JupyterHub doesn't have a way to set cross-origin allow values then I can't login to get the token and since I don't have a token I cannot login. Is there another way that people are using to login as part of another application? What I want to do is start a document with data created from another web application. JupyterHub is hosted in a container while my application is hosted somewhere else. |
I'm trying to do disable cross origin features since i'm sitting behind a reverse proxy. I've used the c.NotebookApp.allow_origin config, which probably didn't help as you pointed out above. Is it really not possible to disable this check in the hub? I'm seeing this issue only when trying to use a notebook or the terminal:
|
any ideas? |
The solution in my case was to use the spawner notebook extra args option (see below) to disable cross origin verification in the spawned notebook... Maybe it can help you too.
|
Closing this issue as resolved. Please feel free to leave an issue at jupyter/help or leave a comment requesting this issue be reopened. Thanks to all! |
@y2kbowen Were you ever able to work this one out? I'm having the same issue here. |
Same problem here. Any updates? @willingc I don't think this issue was ever resolved, and it should be reopened. |
I am having this problem, and I agree with @ihleonard-c3 that this issue should be reopened. I added the configuration |
There's a little confusion, since two unrelated issues are reported here. Allowing cross-origin access to running notebook servers certainly does still work via Cross-origin requests (with token) still doesn't work in the Hub, but #1539 fixs this. I've made a test that enables cross-origin on both the Hub and notebook server, and steps through a few requests on each. Cross-origin requests for the Hub can be enabled with (this will require >= 0.8.2): c.Spawner.args = [f'--NotebookApp.allow_origin={origin}']
c.JupyterHub.tornado_settings = {
'headers': {
'Access-Control-Allow-Origin': origin,
},
} but that only gets you so far, because you still need to get the token in the first place. As for the root of the original request, where the goal is an external service that wants to authenticate users with the Hub and then access the API, the answer will be OAuth. Right now, we have everything in place for this except:
|
@minrk Will 0.9 address this? |
We got part one (external oauth applications), but not part two (oauth scopes) because we need to implement a confirmation page to allow users to confirm granting access to take actions on their behalf. |
So I wrote up a gist with instructions on how to abate this issue It contains info on
|
I have a different but related problem: can't control JupyterHub from Jupyter when I'm running in a tunneled environment. The error is: Blocking Cross Origin API request. Referer: https://localhost:8443/hub/home, Host: localhost/hub/ The code is making the assumption about the port (that it is always the default 80 or 443), which I don't think it can do. A site might be configured with a reverse proxy |
It's quite late. but any way in case of anyone would be directed by Google later on. My circumstance, I followed this instruction to set up my Jupyter notebook behind nginx proxy: https://jupyter-docker-stacks.readthedocs.io/en/latest/using/recipes.html#running-behind-a-nginx-proxy. I focused on nginx configuration to overcome the problem, so I found this instruction: http://oskarhane.com/avoid-cors-with-nginx-proxy_pass/. It helped!. |
@robnagler I have actually the problem that you have mentioned. My nginx reverse proxy is running on a different port than 443. How did you fix your issue? |
I found a fix.
|
This issue has been mentioned on Jupyter Community Forum. There might be relevant details there: https://discourse.jupyter.org/t/get-origin-of-the-request-in-notebook-config-py/7054/2 |
I'm closing this as this has expanded to cover several separate issues, some of which were fixed. |
Note that if you're using KubeSpawner, you'll want to use these two lines: c.KubeSpawner.cmd = 'jupyterhub-singleuser'
c.KubeSpawner.args = ['--ip=0.0.0.0', '--NotebookApp.allow_origin=*'] Providing the |
I have read the documentation but still having an issue with jupyterhub cross origin requests. I am running jupyter 4.3.0
I am making a request from my web application which when running under test has the origin http://localhost:5000. I am making the call from the client code to log into jupyterhub with the call:
This will return a cors exception on my browser. So I read this issue (issue 79) and updated the c.NotebookApp.allow_origin = '*' in my jupyter_notebook_config.py.
I am still having the same problem. I run JupyterHub in a container and I was attempting to make the change without rebuilding the image by logging in and updating configuration through a bash shell.
So, what reads this config file? Does JupyterHub read this file in addition to its own config? Here are the processes running in my container:
Does jupyterhub have its own config for the login or maybe the proxy? I did stop and restart the jupyterhub process and I killed my single user jupyter document process. It is running in this view because I am able to get the code to run if I run chrome with --disable-web-security --user-data-dir
Thanks for any input.
The text was updated successfully, but these errors were encountered: