Just ran across this thread which seems related.
Although @minrk does not provide a specific issue link for the bug they’ve discovered, I set the relevant environment variable:
c.Spawner.environment = {
"JUPYTERHUB_SINGLEUSER_EXTENSION": "0",
}
and it DOES seem to have fixed the websocket 403 issue. I don’t understand why or what changed, but this is a workable solution for the time being.