New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
accessing input web request session inside the notebook event handler #23
Comments
Hi Brian, in voila-dashboards/voila#414 we added some of the CGI and vars to the kernel, which are in https://datatracker.ietf.org/doc/html/rfc3875 . I don't see anything for cookies. I guess we should be able to pass the cookie information somehow to the kernel, but we'd have to dig into what standard we should use. cheers, Maarten |
Related: voila-dashboards/voila#835 |
You can try out the updated PR (voila-dashboards/voila#922) with:
Create a notebook test.ipynb: import os
import pprint
from http import cookies
cookie = cookies.SimpleCookie()
cookie.load(os.environ.get('HTTP_COOKIE', 'Cookie env var not found'))
cookie_dict = {key: morsel.value for key, morsel in cookie.items()}
pp = pprint.PrettyPrinter()
pp.pprint(cookie_dict) Start Voila:
|
@mariobuikhuizen We're finally getting around to testing the implementation of this on our end. I was able to test that this works in your example. I'm now trying to get this to work within our voila-embed infrastructure. I'm using the most recent My
In my notebook I have a test cell to capture the cookie output into a debug window
but when I load the page, I don't see any HTTP information
Do we need to change anything about what is sent to the notebook via the |
Ok, some progrees. I changed my voila command to
and now I at least get the User-Agent printed, but still no cookie.
|
I didn't test the cookie stuff with voila-embed :|. Looking a bit closer now, the voila server needs to be accessed from the same domain as the website, else the cookie from the website domain is not passed. This works for me with the nginx web server:
And then use |
Hmm ok. I'm running both servers locally, accessible on the same |
It also has to be the same port. |
hmm, then that might be the problem. The voila and web servers aren't running on the same port locally. I can try to hack something locally for testing but I'm not sure about our production environments. I'd have to talk to some other folks. |
I finally got it working on different ports (no need for proxying with nginx anymore), you'll need the following:
|
oh cool! ok, let me try that. |
Huzzah, that seemed to work! I think in our production environment, everything is proxied with nginx. Does this solution work under that framework as well? |
Yeah, should work the same. Only the websocket connection to Voila needs some special settings:
|
Ok, I checked our production nginx config for serving Voila and we have those settings in there. So we might be ok. |
Is the code change in |
We're in the process of integration our web authentication for the jdaviz site with voila-embed. Basically we need to restrict access to certain data based on user's authorization. Do
ipyvuetify
events orvoila_embed
requests allow access to the web request header or session cookie? I'm thinking in the notebook event handler, we extract the user info from the session cookie and validate it against the requested input data using our auth code. If it checks out we load Jdaviz proper, otherwise we return an alert message. Or are there other ideas on folding in authentication with notebooks?The text was updated successfully, but these errors were encountered: