Can a JupyterHub slice user, somehow use th JupyterHub builtin proxy to pass a HTTP request received for an application running on a JupyterHub use slice listening to a specific port needing an api-key ofits own?
When I try this using curl to send an ‘Authorization:’ header it seems Jupyter intercepts that, assuming it to be the token for Jupyter while it is not.
Here’s a little diagram to explain the network topology I am referring to:
The client application (on VM with IP 19.20.41.50) connects with the server over http://19.20.21.22:8000/user/myuser/proxy/8080/api/v1 where the server has bound to 0.0.0.0:8080 and exposing REST API on endpoint /api/v1
The issue I am having is that when I add 'Authoization: ’ header with the API token for the server application (listening on port 8080 internally) is intercepted by JupyterHub Proxy (I think) saying that it is an invalid token (or something similar). So my server application never receives the ‘Authorization:’ header.
JupyterHub doesn’t have a built-in proxy on the singleuser side, but based on your URL you’re probably using
By default all requests to jupyter-server-proxy need to be authenticated, since in many cases the proxied service is not intended to be served on/via a public host.
I think you’ll need to fork or subclass to override ProxyHandler.prepare so you can remove web.authenticated
Obviously this opens up a big security hole since it completely disables auth on everything, so you’ll also need to change this to only apply to a single endpoint for your application.
Alternatively maybe you could modify your application to use an alternative header?