jupyter / dashboards_server

[RETIRED] Server that runs and renders Jupyter notebooks as interactive dashboards

Consider proxying /api/sessions instead of using custom headers #248

Open parente opened 8 years ago

parente commented 8 years ago

Spotted during #196

There are two custom headers sent by the client when requesting a kernel. One contains a client-generated session ID and the other the path of the associated dashboard-notebook. It's possible that these are covered by the purpose of the session API implemented in Jupyter notebook/kernel gateway. It might be better if we stick to the stock API instead of adding our own headers.

I don't see any immediate security issue with these headers. Only noting this for future compatibility / security reasons.