search

cmd-ntrf / jupyter-lmod

Jupyter plugin that provides a tab for TACC Lmod (https://github.com/TACC/Lmod)
MIT License
28 stars 13 forks source link

inject XSRF token to all GET calls to be compliant with JupyterHub v4 #66

Closed lexming closed 4 months ago

lexming commented 4 months ago

This PR fixes the internal API calls with JupyterHub 4.1.5 and is one of the fixes needed for #65.

JupyterHub 4 requires all calls to non-static resources to be authenticated through either the JupyterHub API token or a XSRF token. Otherwise we hit a similar oauth redirect loop as described in issue https://github.com/jupyterhub/jupyterhub/issues/4800. Comment https://github.com/jupyterhub/jupyterhub/issues/4800#issuecomment-2092600254 explains in detail the options to solve it.

I chose to inject the XSRF token to all GET calls, as we already do that for POST calls and it's a relatively trivial fix.

cmd-ntrf commented 4 months ago

Thanks!

Are you saying the errors observed in #65 are not because of an incompatibility with JupyterLab 4?

lexming commented 4 months ago

The errors at the top of #65 are errors to build jupyter-lmod with JupyterLab 4. This PR fixes an error that happens at runtime though (with JupyterLab 4.2.0 and JupyterHub 4.1.5). Basically, I installed the wheel of jupyter-lmod-4.0.3 on top of those (skipping the need to build anything) to test and hit this problem.

cmd-ntrf commented 4 months ago

Gotcha.