Fix panel preview rendering on JupyterHub 4.1+

krassowski commented 1 month ago

Fixes https://github.com/holoviz/panel/issues/7039
Sibling to https://github.com/bokeh/bokeh/pull/14003

Briefly, when running on JupyterHub this PR:

loads the panel preview into srcdoc instead by using src as srcdoc is not subject to CSP
exposes information about the URL so that Bokeh can adjust the websocket URL accordingly

Before	After

How to test without installing JupyterHub

1. Install bokeh with https://github.com/bokeh/bokeh/pull/14003 applied 2. Run `jupyter --paths` and choose a writable config path from the `config:` section, e.g. `/home/username/my-env/etc/jupyter` 3. Open (create if needed) a `/home/username/my-env/etc/jupyter/jupyter_server_config.py`, paste the following: ```py c.LabApp.tornado_settings = { 'hub_prefix': '/hub', 'hub_host': 'test', 'user': 'test', 'headers': {'Content-Security-Policy': "frame-ancestors 'none'"} } ``` 4. Start `jupyter lab` 5. Open dev tools Network tab, click on a request and expand Response Headers, verify that CSP for frame ancestors is set to none: ![image](https://github.com/user-attachments/assets/f446bacb-5be2-4bef-9508-a4b844adb8bf) 6. Ensure that page data includes `hubPrefix` by viewing the source of JupyterLab page ![Screenshot from 2024-07-30 10-06-57](https://github.com/user-attachments/assets/cf74d7a2-a2e2-40bd-b876-7b294725047e) 7. Follow reproduction steps in https://github.com/holoviz/panel/issues/7039

krassowski commented 1 month ago

The build failure is unrelated - I opened https://github.com/holoviz/pyviz_comms/issues/126 and two PRs with proposed solutions.

philippjfr commented 1 month ago

Really appreciated! Will test and then cut a release asap.

holoviz / pyviz_comms

Fix panel preview rendering on JupyterHub 4.1+ #125