Cookie_options argument on Spawner is returning an error

I’m trying to secure the xsrf cookie passing the tornado_settings through arguments of the Spawner with the following code:

c.Spawner.args = [“–ServerApp.tornado_settings= "cookie_options": {"SameSite": "None","Secure": True }, "xsrf_cookie_kwargs": {"httponly": True,"secure": True,"expires_days":1} }"]

But the jupyterHub service is giving me this error:

Nov 13 19:39:07 myserver python3[205310]: [E 2023-11-13 19:39:07.546 JupyterHub user:884] Unhandled error starting user_my’s server: ‘“xsrf_cookie_kwargs”’
Nov 13 19:39:07 myserver python3[205310]: Traceback (most recent call last):
Nov 13 19:39:07 myserver python3[205310]: File “/opt/tljh/hub/lib/python3.11/site-packages/jupyterhub/user.py”, line 798, in spawn
Nov 13 19:39:07 myserver python3[205310]: url = await gen.with_timeout(timedelta(seconds=spawner.start_timeout), f)
Nov 13 19:39:07 myserver python3[205310]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Nov 13 19:39:07 myserver python3[205310]: File “/opt/tljh/hub/lib/python3.11/site-packages/systemdspawner/systemdspawner.py”, line 334, in start
Nov 13 19:39:07 myserver python3[205310]: args=[self._expand_user_vars(a) for a in self.get_args()],
Nov 13 19:39:07 myserver python3[205310]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Nov 13 19:39:07 myserver python3[205310]: File “/opt/tljh/hub/lib/python3.11/site-packages/systemdspawner/systemdspawner.py”, line 334, in
Nov 13 19:39:07 myserver python3[205310]: args=[self._expand_user_vars(a) for a in self.get_args()],
Nov 13 19:39:07 myserver python3[205310]: ^^^^^^^^^^^^^^^^^^^^^^^^^
Nov 13 19:39:07 myserver python3[205310]: File “/opt/tljh/hub/lib/python3.11/site-packages/systemdspawner/systemdspawner.py”, line 182, in _expand_user_vars
Nov 13 19:39:07 myserver python3[205310]: return string.format(USERNAME=self.user.name, USERID=self.user.id)
Nov 13 19:39:07 myserver python3[205310]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Nov 13 19:39:07 myserver python3[205310]: KeyError: ‘“xsrf_cookie_kwargs”’
Nov 13 19:39:07 myserver python3[205310]:
Nov 13 19:39:07 myserver python3[205310]: [E 2023-11-13 19:39:07.721 JupyterHub pages:313] Error starting server user_my: ‘“xsrf_cookie_kwargs”’
Nov 13 19:39:07 myserver python3[205310]: Traceback (most recent call last):
Nov 13 19:39:07 myserver python3[205310]: NoneType: None
Nov 13 19:39:07 myserver python3[205310]:
Nov 13 19:39:07 myserver python3[205310]: [W 2023-11-13 19:39:07.722 JupyterHub web:1869] 500 GET /hub/spawn/user_my (10.225.46.126): Unhandled error starting server user_my

Someone can help me? Is there any other option to secure all the xsrf cookies ?

TLJH uses a variant of the SystemdSpawner, which interpolates strings:

You should be able to escape { ... } by doubling them: {{ ... }}

Thank you @manics It seems that know I’m not having the error, but I still without the xsrf secure for the user session.

image935×168 14.5 KB

I’m setting the configuration I send you before. This is the total content of the configuration file:

c.Spawner.args = ['--JupyterHub.tornado_settings={{\"cookie_options\": {{\"SameSite\": \"None\",\"Secure\": True }}, \"xsrf_cookie_kwargs\": {{\"httponly\": True,\"secure\": True,\"expires_days\":1}} }}']

c.Spawner.args = ['--ServerApp.tornado_settings={{\"cookie_options\": {{\"SameSite\": \"None\",\"Secure\": True }}, \"xsrf_cookie_kwargs\": {{\"httponly\": True,\"secure\": True,\"expires_days\":1}} }}']



c.Spawner.notebook_dir = '/home/adminaltia/automations'

# Configuraci  n de Tornado para JupyterHub
c.JupyterHub.tornado_settings = {
    "cookie_options": {
        "SameSite": "None",
        "Secure": True,
        "expires_days": 1
    },
    "xsrf_cookie_kwargs": {
        "secure": True,
        "httponly": True,
        "expires_days": 1
    }
}

I need to secure the xsrf cookie… Do you know what’s missing?

I’m wondering if you could fix the issue?