Closed minrk closed 4 months ago
Many thanks for your fixes @minrk, greatly appreciated!
Worth linking this comment where I suggested using API tokens to make API requests, which avoids all xsrf fiddliness. This PR is the smallest change to keep things working as they are.
I didn't make the API token change because I don't know the best way to get the token from the Python to javascript in your stack, but if someone wants to take that on, the token is available as token = self.hub_auth.get_token(self)
when using JupyterHub authentication, and can then be injected into templates for authenticated pages, etc.
JupyterHub 4.1 applies XSRF checks consistently to authenticated GET requests, so apply the same
getCylcHeaders
logic in the graphQL POST request to all requests (userprofile was the only other one I found). As a result, thegetCylcHeaders
is moved to a common location inutils/url
, rather than being confined to graphQL.This solves the userprofile request, described in https://github.com/jupyterhub/jupyterhub/issues/4800
Together with https://github.com/cylc/cylc-uiserver/pull/592, cylc works with JupyterHub 4.1.5
Check List
CONTRIBUTING.md
and added my name as a Code Contributor.CHANGES.md
entry included if this is a change that can affect users