Jupyter Notebook API: 403 only on put/patch

I have a bit of an unorthodox setup, so this is really a plea for help. Any guidance is greatly appreciated.

I have limited access to a server, that I am trying to run a “public” jupyter notebook server on. There is no HTTPS, which I realize is a very big no-no, but I can limit the damage by either using it on my own network or accessing via a VPN.

I can set up my own .htaccess rules (unknown exactly which rules I can / cannot use?) but have almost successfully managed to proxy a directory on my domain to a jupyter notebook server.

I can view, browse, and even create new notebooks / files. I can even execute code cells. However, I can’t save changes or rename the file, for example.

The jupyter server, even with --debug does not log any information when a PATCH or PUT request is issued. All I can see in the browser console (firefox and chrome) is that the response is a 403.

I don’t think it’s an authentication issue because I’ve tried logging out and back in, and I can also access the rest of the jupyter notebook server functions without trying to reauthenticate. I even tried to be explicit by chmod 777ing the files and folders in question, with no dice.

Is there a config variable I’ve missed somewhere? Something fundamentally wrong with reverse proxying the server? Flat out not possible?

Any guidance greatly appreciated.