How to set secure cookie and httponly flag in z2jh

bpfrd · May 16, 2024, 3:40pm

Hi,

How can I set httponly flag in cookies in the z2jh yaml values?
this didn’t work

hub:
  config:
    Jupyterhub:
      cookie_options:
         secure: true

and says:

Config option `cookie_options` not recognized by `JupyterHub`

best,

bpfrd · May 17, 2024, 1:15pm

Hi,
I was wondering how we can secure _xsrf cookie.
best

manics · May 20, 2024, 9:42pm

There’s an example of setting cookie_options in

bpfrd · June 5, 2024, 8:16am

Hello,

This worked for some cookies but _xsrf in the paths /hub and /user/… is still missing attributes secure and httponly. I also tried in my ingress:

nginx.ingress.kubernetes.io/proxy-cookie-path: $uri "/; HTTPOnly; Secure; SameSite=strict"

but that didn’t help either.

would you know how to add secure and httponly attributes to _xsrf cookie as well?

best

Topic		Replies	Views
Inconsistency in values.yaml vs jupyterhub_config.py in z2jh Zero to JupyterHub on Kubernetes jupyterhub	4	231	January 16, 2024
Need guidance on setting up hub sidecar container Zero to JupyterHub on Kubernetes jupyterhub , help-wanted	6	1153	April 7, 2021
Unable to get HTTPS to work using LetsEncrypt Zero to JupyterHub on Kubernetes help-wanted	0	97	May 22, 2024
After upgrade to 1.0.0 : failure in hub initialisation on cookie_secret Zero to JupyterHub on Kubernetes	4	941	June 15, 2021
Restricted PSP: z2jh fails in local gitlab oauth workflow Zero to JupyterHub on Kubernetes jupyterhub , how-to	4	979	October 5, 2020