How to set secure cookie and httponly flag in z2jh

bpfrd · May 16, 2024, 3:40pm

Hi,

How can I set httponly flag in cookies in the z2jh yaml values?
this didn’t work

hub:
  config:
    Jupyterhub:
      cookie_options:
         secure: true

and says:

Config option `cookie_options` not recognized by `JupyterHub`

best,

bpfrd · May 17, 2024, 1:15pm

Hi,
I was wondering how we can secure _xsrf cookie.
best

manics · May 20, 2024, 9:42pm

There’s an example of setting cookie_options in

bpfrd · June 5, 2024, 8:16am

Hello,

This worked for some cookies but _xsrf in the paths /hub and /user/… is still missing attributes secure and httponly. I also tried in my ingress:

nginx.ingress.kubernetes.io/proxy-cookie-path: $uri "/; HTTPOnly; Secure; SameSite=strict"

but that didn’t help either.

would you know how to add secure and httponly attributes to _xsrf cookie as well?

best

Topic		Replies	Views
Inconsistency in values.yaml vs jupyterhub_config.py in z2jh Zero to JupyterHub on Kubernetes jupyterhub	4	238	January 16, 2024
Set_login_cookie dont change the cookie in the current request JupyterHub jupyterhub , how-to	4	321	March 21, 2024
Need guidance on setting up hub sidecar container Zero to JupyterHub on Kubernetes jupyterhub , help-wanted	6	1175	April 7, 2021
How to access jupyterhub only those who are logged in to our web? JupyterHub jupyterhub , how-to , help-wanted	1	959	May 18, 2021
After upgrade to 1.0.0 : failure in hub initialisation on cookie_secret Zero to JupyterHub on Kubernetes	4	942	June 15, 2021