New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
XSRF cookie path is set to '/' when using notebookapp instead of jupyter-server #3767
Comments
I think this means it's a bug in Jupyter Notebook that's fixed in Jupyter Server (this is the effect of setting JUPYTERHUB_SINGLEUSER_APP to 'notebook.notebookapp.NotebookApp' - you are changing the single-user server implementation to the older package). This appears to be the case. If it works for you, I think sticking with the newer server combined with the older UI is indeed the better way to go. |
@minrk, many thanks for the explanation particularly for the link! I am still confused about this setting for Anyway, I was able to apply the same fix you linked using a custom server extension:
This fixes the cookie path. However, I wish the problem were fixed in the upstream. I reported it here: jupyter/notebook#6278. So this issue could probably be closed. There are many plugins that do not yet work with jupyter lab, and we cannot completely abandon nbclassic. For example, nbgrader does not support jupyter lab. The workaround of changing the suffix |
Sorry, forgot I hadn't posted an answer to the last question.
There are two server implementations ( If the notebooks redirects don't work as they used to, that's a bug should be reported in jupyter-server. There are efforts to catch up nbgrader to be fully compatible with the new server (see jupyter/nbgrader#1006), but it's definitely AOK to opt-in to the older server in the meantime if you are still using extensions that require it. |
Think this can be closed, @minrk? |
Yes, thanks @yuvipanda! |
Bug description
If jupyterhub is used with classic notebooks by setting the environmental variable
JUPYTERHUB_SINGLEUSER_APP
as documented, then the XSRF cookie is installed in the incorrect path/
, which can result in the errorXSRF cookie does not match POST argument
if other notebooks are used on the same server, e.g., shared notebook services:Expected behaviour
If the variable is not set, then the cookie is installed for the path
/{base_url}/user/{username}/
for single user services and/{base_url}/services/{service}
for shared services. I I think these should be the correct locations also if the variable is set.Actual behaviour
If we have a configuration in which:
JUPYTERHUB_SINGLEUSER_APP
is set for the single user notebooksthen by opening first the user notebook, and then opening the shared notebook, results in the above error message.
How to reproduce
Dockerfile
:jupyterhub_config.py
:http://127.0.0.1:8000/test/
mal
and press "Sign in"XSRF cookie does not match POST argument
Your personal set up
Workaround
Instead of setting the variable
JUPYTERHUB_SINGLEUSER_APP
, setdefault_url=/tree
for example as follows:(I also tried setting
c.Spawner.default_url = '/tree'
but this did not work)The cookie is then set for the correct path, but then the notebook is not seem to be aware of jupyter hub: it displays "Junypter" logo instead of "JupyterHub" in the top left and the "Control Panel" button is not visible.
The text was updated successfully, but these errors were encountered: