Auth redirects for service when making request from JS

minrk · April 17, 2024, 7:56am

If you want to allow cross-service requests to be authenticated with cookies, you’ll need to modify or disable the XSRF check. There are two ways:

set disable_check_xsrf=True in the tornado settings of your application. This will allow cross-site requests to your service (probably fine for announcements, but consider what’s in them)
define check_xsrf_cookie in your Handler class, to rely on another check that accepts requests from your whole site:

class MyHandler(HubOAuthenticated, web.RequestHandler):
    def check_xsrf_cookie(self):
        # replace xsrf token with Sec-Fetch requirement
        sec_fetch_site = self.headers.get("Sec-Fetch-Site", "unspecified")
        if sec_fetch_site != "same-origin":
            raise web.HTTPError(403, f"rejecting cross-origin request from: {sec_fetch_site}")

Topic		Replies	Views
Services Auth Issues After Upgrading to JuyterHub 2.1.1 JupyterHub help-wanted	5	726	March 2, 2022
OAuth redirect fails with JupyterHub in API-only mode JupyterHub jupyterhub , how-to , help-wanted	1	39	July 30, 2024
Changes in proxy from 2.1.1 to 2.2.2 JupyterHub	1	361	April 19, 2022
Jupyterhub returns 503 when 403 is expected JupyterHub jupyterlab	0	535	July 29, 2020
Oauth flow in jupyterhub on z2jh Zero to JupyterHub on Kubernetes how-to , help-wanted	9	1020	July 8, 2022

Auth redirects for service when making request from JS

Related Topics