How to set secure cookie and httponly flag in z2jh

Hi,

How can I set the httponly flag on cookies in the z2jh YAML values?
This didn't work:

hub:
  config:
    Jupyterhub:
      cookie_options:
         secure: true

and it says:

Config option `cookie_options` not recognized by `JupyterHub`

best,

Hi,
I was wondering how we can secure the _xsrf cookie.
best

There’s an example of setting cookie_options in

Hi, Thanks for your response.
As suggested in the example, I added this to my values.yaml:

cookie_options = {"SameSite": "None", "Secure": True}
c.Spawner.environment.update({"JUPYTERHUB_COOKIE_OPTIONS": "{%s}" % json.dumps(cookie_options)})

and here is what I get in the logs:

[D 2024-05-27 07:23:58.585 JupyterHub base:587] Setting cookie lti13authenticator-state: {'httponly': True, 'secure': True, 'expires_days': 1}

I was wondering how I can add security headers too.

best
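
Added example, not part of the thread: a small Python check that reads hub debug lines in the format of the `Setting cookie` line quoted above and lists cookies that were set without `secure` or `httponly`. Only the first sample line comes from the post; the other lines, and the cookie names in them, are constructed for illustration.

```python
import ast
import re

# Format quoted in the thread: "... JupyterHub base:587] Setting cookie <name>: {<kwargs>}"
COOKIE_LINE = re.compile(r"Setting cookie (?P<name>[^:\s]+): (?P<opts>\{.*\})\s*$")
REQUIRED = ("secure", "httponly")


def parse_cookie_line(line):
    """Return (cookie_name, options) or None if this is not a cookie log line."""
    m = COOKIE_LINE.search(line)
    try:
        # literal_eval only accepts Python literals, so log content is never executed
        opts = ast.literal_eval(m.group("opts")) if m else None
    except (ValueError, SyntaxError):
        opts = None
    if not isinstance(opts, dict):
        return None
    # Lower-case the keys: cookie_options may be spelled "Secure" / "SameSite"
    return m.group("name"), {str(k).lower(): v for k, v in opts.items()}


def audit(lines):
    """Map cookie name -> list of problems; cookies with no problem are omitted."""
    findings = {}
    for line in lines:
        parsed = parse_cookie_line(line)
        if parsed is None:
            continue
        name, opts = parsed
        problems = [flag for flag in REQUIRED if opts.get(flag) is not True]
        # Browsers reject SameSite=None cookies that are not also Secure
        if str(opts.get("samesite", "")).lower() == "none" and opts.get("secure") is not True:
            problems.append("samesite=None without secure")
        if problems:
            findings[name] = problems
    return findings


SAMPLE_LOG = [
    # First line is the one quoted in the thread; the rest are constructed.
    "[D 2024-05-27 07:23:58.585 JupyterHub base:587] Setting cookie lti13authenticator-state: {'httponly': True, 'secure': True, 'expires_days': 1}",
    "[D 2024-05-27 07:24:01.102 JupyterHub base:587] Setting cookie jupyterhub-session-id: {'httponly': True, 'path': '/'}",
    "[D 2024-05-27 07:24:01.104 JupyterHub base:587] Setting cookie jupyterhub-hub-login: {'httponly': True, 'SameSite': 'None', 'path': '/hub/'}",
    "[I 2024-05-27 07:24:01.200 JupyterHub log:191] 302 GET /hub/ -> /hub/spawn",
]

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Run it against the hub pod's log with debug logging enabled; an empty result means every logged cookie carried both flags.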