Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix headers for CORS #1539

Merged
merged 1 commit into from Nov 16, 2017
Merged

fix headers for CORS #1539

merged 1 commit into from Nov 16, 2017

Conversation

minrk
Copy link
Member

@minrk minrk commented Nov 16, 2017

  • add authorization to default Access-Control-Allow-Headers
  • allow overriding Access-Control-Allow-Headers just like everything else
  • ensure case-insensitive comparison for proper header checks

With this fix, config to enable token-authenticated cross-origin requests on both the Hub itself and running notebooks

origin = 'http://localhost:9999'

c.Spawner.args = [f'--NotebookApp.allow_origin={origin}']
c.JupyterHub.tornado_settings = {
    'headers': {
        'Access-Control-Allow-Origin': origin,
    },
}

And an example of a page that does cross-origin access of both the notebook server and Hub, for testing.

cf #1087

@minrk
adjust headers for CORS
f6f7081 
- add `authorization` to default Access-Control-Allow-Headers
- allow overriding `Access-Control-Allow-Headers` just like everything else in case default is inappropriate
- ensure case-insensitive comparison for proper header checks
@minrk minrk mentioned this pull request Nov 16, 2017
Closed
willingc
willingc reviewed Nov 16, 2017
View reviewed changes
jupyterhub/apihandlers/base.py
super().set_default_headers()
self.set_header('Content-Type', 'application/json')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

willingc
willingc approved these changes Nov 16, 2017
View reviewed changes
Copy link
Contributor

@willingc willingc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good @minrk. Thanks for the testing gists too.

@willingc willingc merged commit c283ccb into jupyterhub:master Nov 16, 2017
@minrk minrk deleted the cors-fix branch November 17, 2017 09:22
@blairdrummond blairdrummond mentioned this pull request Jun 15, 2020
Closed
@sunu sunu mentioned this pull request Jan 17, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@willingc willingc willingc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@minrk @willingc