How do the xsrf tokens get inserted into urls?


I’ve been doing some fiddly stuff with trying to render links to open one notebook from another. I’ve noticed that at somewhere between the kernel getting the result of an expression and it being rendered in my browser, for file links, an xsrf token is inserted. I cannot for the life of me work out when, where and how this is done. Is there a way I can generate my own xsrf protected links?



The url resolver ( asks the contents service to transform the url, adding the xsrf token:

1 Like

Ask the url resolver to transform the link, like the rendermime does: jupyterlab/renderers.ts at fa54a84033c1010ea5eed170b682c98c64f6f63e · jupyterlab/jupyterlab · GitHub