Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WARNING: Blocking Cross Origin WebSocket Attempt #609

Closed
fleimgruber opened this issue May 20, 2020 · 7 comments
Closed

WARNING: Blocking Cross Origin WebSocket Attempt #609

fleimgruber opened this issue May 20, 2020 · 7 comments
Milestone
Reference

Comments

@fleimgruber
Copy link

Given a voila notebook hosted via Nginx as described in https://voila.readthedocs.io/en/stable/deploy.html, Voila gives a warning of

May 20 09:24:47 vh1046571 voila.sh[120114]: [Voila] Using /tmp to store connection files
May 20 09:24:47 vh1046571 voila.sh[120114]: [Voila] Storing connection files in /tmp/voila_0cma0_p9.
May 20 09:24:47 vh1046571 voila.sh[120114]: [Voila] Serving static files from /home/user/miniconda3/envs/the_project/lib/python3.7/site-packages/voila/static.
May 20 09:24:47 vh1046571 voila.sh[120114]: [Voila] Voila is running at:
May 20 09:24:47 vh1046571 voila.sh[120114]: http://localhost:8866/
May 20 09:24:58 vh1046571 voila.sh[120114]: [Voila] WARNING | Notebook main_notebook.ipynb is not trusted
May 20 09:24:58 vh1046571 voila.sh[120114]: [Voila] Kernel started: ef289c80-7f6f-4baa-ae44-62f95962ae03
May 20 09:25:06 vh1046571 voila.sh[120114]: [Voila] WARNING | Blocking Cross Origin WebSocket Attempt.  Origin: http://my-site.eu, Host: my-site.eu:80
May 20 09:25:06 vh1046571 voila.sh[120114]: WARNING:tornado.access:403 GET /api/kernels/ef289c80-7f6f-4baa-ae44-62f95962ae03/channels?session_id=4301d7ea-f90f-45e3-a6ce-b56fff0cf5ff (::1) 7.24ms
May 20 09:25:07 vh1046571 voila.sh[120114]: [Voila] WARNING | Replacing stale connection: ef289c80-7f6f-4baa-ae44-62f95962ae03:4301d7ea-f90f-45e3-a6ce-b56fff0cf5ff

and no results are shown in the client browser (only "Executing cells") in an otherwise working setup. I tried to follow jupyter/jupyter#232 with

c.NotebookApp.allow_origin = '*'

in ~/.jupyter/jupyter_notebook_config.py and /etc/jupyter/jupyter_notebook_config.py as well as .../etc/jupyter/nbconfig/notebook.d/voila.json but without luck.
@davidbrochart
Copy link
Member

Could you try passing the following settings to Tornado?

"--Voila.tornado_settings={'headers':{'Content-Security-Policy':\"frame-ancestors 'self' " + server_address + "\"}}"

@fleimgruber
Copy link
Author

fleimgruber commented May 20, 2020
edited
Loading

Thanks for the hint, I succeeded with --Voila.tornado_settings="{'allow_origin': '*'}". I could not get your example to work via CLI as I did not manage to get the string quoting right. Is there another place to put the exact string you mentioned?

The 'tornado_settings' trait of a Voila instance must be a dict, but a value of class 'str'  (i.e. '{headers:{Content-Security-Policy:"frame-ancestors') was specified.

@davidbrochart
Copy link
Member

Yes from the CLI you need to add quotes. That should work:

voila --Voila.tornado_settings="{'headers':{'Content-Security-Policy':\"frame-ancestors 'self' http://my-site.eu\"}}"

@fleimgruber
Copy link
Author

Yes, now voila does not complain anymore, but I still get the same Cross Origin Warning. Maybe this has to do with my specific nginx config or I am missing something else, but I won't test this further as the allow_origin approach solved it for me. Thanks again for the hint!

@luiztauffer
Copy link

Yes from the CLI you need to add quotes. That should work:

voila --Voila.tornado_settings="{'headers':{'Content-Security-Policy':\"frame-ancestors 'self' http://my-site.eu\"}}"

Thank you both for the solutions, I'd like to leave it here in case someone needs, this worked for me (on Powershell):

voila --Voila.tornado_settings="{'headers':{'Content-Security-Policy': 'frame-ancestors http://localhost:8000'}}"

The http://localhost:8000 is because the iframe is from a Django app also running locally, you should substitute for your own website address

@davidbrochart davidbrochart mentioned this issue Aug 16, 2020
Closed
@femiir
Copy link

femiir commented Jun 17, 2021

I am having the same issue using Heroku to deploy below is my procfile please help me out
web: voila --port=$PORT --Voila.tornado_settings="{'headers':{'Content-Security-Policy':\"frame-ancestors 'self' https://gismapdev.herokuapp.com/\"}}"--strip_sources=True --enable_nbextensions=True --MappingKernelManager.cull_interval=60 --MappingKernelManager.cull_idle_timeout=120 notebooks/gis.ipynb

@femiir
Copy link

femiir commented Jun 17, 2021

this worked for me

web: voila --Voila.tornado_settings='{"headers":{"Content-Security-Policy":"frame-ancestors self *" }}' --port=$PORT --no-browser --strip_sources=True --enable_nbextensions=True --MappingKernelManager.cull_interval=60 --MappingKernelManager.cull_idle_timeout=120 notebooks/gis.ipy

nb

@jtpio jtpio added this to the Reference milestone Jun 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Reference
Development

No branches or pull requests
5 participants
@jtpio @davidbrochart @fleimgruber @luiztauffer @femiir