`nbgitpuller` not working on JupyterHub after latest updates

[jrdnbradford]

Bug description

nbgitpuller not synchronizing repositories on TLJH after latest JupyterHub updates. Issue occurs when updating already existent TLJH and when it is installed from scratch. I think it has something to do with XSRF/cookie changes in the latest JupyterHub version.

Edit: Z2JH has a similar issue and results in a 404.

See the detailed logs.

How to reproduce

1. Create a nbgitpuller link via https://nbgitpuller.readthedocs.io or the extension.
2. Use the link on the latest version of TLJH.

Expected behaviour

Repository should synchronize and then open the UI to the repo directory/file.

Actual behaviour

No sync occurs and the page freezes:

Your personal set up

• OS: Ubuntu 22.04
• Version(s): Littlest JupyterHub running JupyterHub 4.1.3

Full environment

``` > source /opt/tljh/hub/bin/activate > pip list Package Version -------------------------------- ---------- aiohttp 3.9.1 aiosignal 1.3.1 alembic 1.13.1 async-generator 1.10 async-timeout 4.0.3 attrs 23.2.0 backoff 2.2.1 bcrypt 4.1.2 cachetools 5.3.2 certifi 2023.11.17 certipy 0.1.3 cffi 1.16.0 charset-normalizer 3.3.2 cryptography 41.0.7 escapism 1.0.1 frozenlist 1.4.1 google-api-core 2.15.0 google-api-python-client 2.112.0 google-auth 2.26.1 google-auth-httplib2 0.2.0 google-auth-oauthlib 1.2.0 googleapis-common-protos 1.62.0 greenlet 3.0.3 httplib2 0.22.0 idna 3.6 Jinja2 3.1.2 jsonschema 4.20.0 jsonschema-specifications 2023.12.1 jupyter-telemetry 0.1.0 jupyterhub 4.1.3 jupyterhub-firstuseauthenticator 1.0.0 jupyterhub-idle-culler 1.3.1 jupyterhub-ldapauthenticator 1.3.2 jupyterhub-nativeauthenticator 1.2.0 jupyterhub-systemdspawner 1.0.1 jupyterhub-tmpauthenticator 1.0.0 jupyterhub-traefik-proxy 1.1.0 ldap3 2.9.1 Mako 1.3.0 MarkupSafe 2.1.3 multidict 6.0.4 oauthenticator 16.3.0 oauthlib 3.2.2 onetimepass 1.0.1 packaging 23.2 pamela 1.1.0 passlib 1.7.4 pip 24.0 pluggy 1.3.0 prometheus-client 0.19.0 protobuf 4.25.1 pyasn1 0.5.1 pyasn1-modules 0.3.0 pycparser 2.21 pycurl 7.45.2 PyJWT 2.8.0 pyOpenSSL 23.3.0 pyparsing 3.1.1 python-dateutil 2.8.2 python-json-logger 2.0.7 referencing 0.32.1 requests 2.31.0 requests-oauthlib 1.3.1 rpds-py 0.16.2 rsa 4.9 ruamel.yaml 0.17.40 ruamel.yaml.clib 0.2.8 setuptools 59.6.0 six 1.16.0 SQLAlchemy 2.0.25 the-littlest-jupyterhub 1.0.0 toml 0.10.2 tornado 6.4 traitlets 5.14.1 typing_extensions 4.9.0 uritemplate 4.1.1 urllib3 2.1.0 yarl 1.9.4 ``` ``` > source /opt/tljh/user/bin/activate > pip list Package Version ------------------------- --------------- aiohttp 3.9.3 aiosignal 1.3.1 aiosqlite 0.19.0 alembic 1.13.1 annotated-types 0.6.0 anyio 4.2.0 argon2-cffi 23.1.0 argon2-cffi-bindings 21.2.0 arrow 1.3.0 asttokens 2.4.1 async-generator 1.10 async-lru 2.0.4 async-timeout 4.0.3 attrs 23.2.0 Babel 2.14.0 beautifulsoup4 4.12.2 bleach 6.1.0 brotlipy 0.7.0 certifi 2022.12.7 certipy 0.1.3 cffi 1.15.1 charset-normalizer 3.1.0 click 8.1.7 cloudpickle 3.0.0 colorama 0.4.6 comm 0.2.1 conda 23.1.0 conda-package-handling 2.0.2 conda_package_streaming 0.7.0 contourpy 1.2.0 cryptography 40.0.1 cycler 0.12.1 dask 2024.1.1 dataclasses-json 0.6.4 debugpy 1.8.0 decorator 5.1.1 deepmerge 1.1.1 defusedxml 0.7.1 distributed 2024.1.1 et-xmlfile 1.1.0 exceptiongroup 1.2.0 executing 2.0.1 faiss-cpu 1.7.4 fastjsonschema 2.19.1 fonttools 4.47.0 fqdn 1.5.1 frozenlist 1.4.1 fsspec 2024.2.0 gitdb 4.0.11 GitPython 3.1.40 greenlet 3.0.3 idna 3.4 importlib-metadata 7.0.1 ipykernel 6.28.0 ipython 8.20.0 ipywidgets 8.1.1 isoduration 20.11.0 jedi 0.19.1 Jinja2 3.1.2 joblib 1.3.2 json5 0.9.14 jsonpatch 1.33 jsonpath-ng 1.6.1 jsonpointer 2.4 jsonschema 4.20.0 jsonschema-specifications 2023.12.1 jupyter_ai_magics 2.10.0 jupyter-archive 3.4.0 jupyter_client 8.6.0 jupyter_core 5.7.1 jupyter-events 0.9.0 jupyter-lsp 2.2.1 jupyter-resource-usage 1.0.1 jupyter_server 2.12.2 jupyter-server-mathjax 0.2.6 jupyter_server_terminals 0.5.1 jupyter-telemetry 0.1.0 jupyterhub 4.1.3 jupyterlab 4.0.10 jupyterlab_git 0.50.0 jupyterlab_pygments 0.3.0 jupyterlab_server 2.25.2 jupyterlab-widgets 3.0.9 kiwisolver 1.4.5 langchain 0.1.5 langchain-community 0.0.19 langchain-core 0.1.21 langsmith 0.0.87 libmambapy 1.4.1 locket 1.0.0 Mako 1.3.0 mamba 1.4.1 MarkupSafe 2.1.3 marshmallow 3.20.2 matplotlib 3.8.2 matplotlib-inline 0.1.6 mistune 3.0.2 mizani 0.9.3 msgpack 1.0.7 multidict 6.0.5 mypy-extensions 1.0.0 nbclient 0.9.0 nbconvert 7.14.0 nbdime 4.0.1 nbformat 5.9.2 nbgitpuller 1.2.0 nest-asyncio 1.5.8 nltk 3.8.1 notebook 7.0.6 notebook_shim 0.2.3 numpy 1.26.3 oauthlib 3.2.2 openpyxl 3.1.2 overrides 7.4.0 packaging 23.2 pamela 1.1.0 pandas 2.1.4 pandocfilters 1.5.0 parso 0.8.3 partd 1.4.1 patsy 0.5.6 pexpect 4.9.0 pillow 10.2.0 pip 23.3.2 platformdirs 4.1.0 plotnine 0.12.4 pluggy 1.0.0 ply 3.11 prometheus-client 0.19.0 prompt-toolkit 3.0.43 psutil 5.9.7 ptyprocess 0.7.0 pure-eval 0.2.2 pycosat 0.6.4 pycparser 2.21 pydantic 2.6.1 pydantic_core 2.16.2 Pygments 2.17.2 pyOpenSSL 23.1.1 pyparsing 3.1.1 PySocks 1.7.1 python-dateutil 2.8.2 python-json-logger 2.0.7 pytz 2023.3.post1 PyYAML 6.0.1 pyzmq 25.1.2 referencing 0.32.1 regex 2023.12.25 requests 2.31.0 rfc3339-validator 0.1.4 rfc3986-validator 0.1.1 rpds-py 0.16.2 ruamel.yaml 0.17.21 ruamel.yaml.clib 0.2.7 scikit-learn 1.3.2 scipy 1.11.4 Send2Trash 1.8.2 setuptools 65.6.3 six 1.16.0 smmap 5.0.1 sniffio 1.3.0 sortedcontainers 2.4.0 soupsieve 2.5 SQLAlchemy 2.0.25 stack-data 0.6.3 statsmodels 0.14.1 tblib 3.0.0 tenacity 8.2.3 terminado 0.18.0 threadpoolctl 3.2.0 tiktoken 0.5.2 tinycss2 1.2.1 tomli 2.0.1 toolz 0.12.0 tornado 6.4 tqdm 4.65.0 traitlets 5.14.1 types-python-dateutil 2.8.19.20240106 typing_extensions 4.9.0 typing-inspect 0.9.0 tzdata 2023.4 uri-template 1.3.0 urllib3 1.26.15 wcwidth 0.2.13 webcolors 1.13 webencodings 0.5.1 websocket-client 1.7.0 wheel 0.40.0 widgetsnbextension 4.0.9 yarl 1.9.4 zict 3.0.0 zipp 3.17.0 zstandard 0.19.0 ```

Configuration

Config uses Google OAuthenticator.

Logs

Google Cloud logs reveal a `302`: ``` Mar 28 18:42:07 tljh-instance jupyterhub-singleuser[1055838]: [I 2024-03-28 18:42:07.848 ServerApp] 302 GET /user/USERNAME/oauth_callback?code=[secret]&state=[secret] -> /user/USERNAME/git-pull/api?repo=https%3A%2F%2Fgithub.com%2FUSERNAME%2Ftree_2_df&targetpath=REPO (@136.167.9.181) 49.28ms ``` Firefox console shows: ``` Firefox can’t establish a connection to the server at https:///user/USERNAME/git-pull/api?repo=https%3A%2F%2Fgithub.com%2FUSERNAME%2Ftree_2_df&targetpath=REPO. ``` A `ERR_TOO_MANY_REDIRECTS` shows up in networking tools. Also shows important cookie warnings: ``` Storage access automatically granted for First-Party isolation “https://www.google.com” on “https://HUB_NAME”. git-pull The resource from “https://HUB_NAME/user/USERNAME/static/style/style.min.css” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). git-pull Some cookies are misusing the recommended “SameSite“ attribute 31 Cookie “jupyterhub-user-USERNAME-oauth-state” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite api Cookie “jupyterhub-user-USERNAME-oauth-state” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “jupyterhub-user-USERNAME” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “_xsrf” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “jupyterhub-user-USERNAME-oauth-state” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite api Cookie “jupyterhub-user-USERNAME-oauth-state” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “jupyterhub-user-USERNAME” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “_xsrf” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “jupyterhub-user-USERNAME-oauth-state” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite api Cookie “jupyterhub-user-USERNAME-oauth-state” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “jupyterhub-user-USERNAME” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “_xsrf” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “jupyterhub-user-USERNAME-oauth-state” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite api Cookie “jupyterhub-user-USERNAME-oauth-state” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “jupyterhub-user-USERNAME” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “_xsrf” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “jupyterhub-user-USERNAME-oauth-state” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite api Cookie “jupyterhub-user-USERNAME-oauth-state” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “jupyterhub-user-USERNAME” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “_xsrf” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “jupyterhub-user-USERNAME-oauth-state” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite api Cookie “jupyterhub-user-USERNAME-oauth-state” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “jupyterhub-user-USERNAME” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “_xsrf” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “jupyterhub-user-USERNAME-oauth-state” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite api Cookie “jupyterhub-user-USERNAME-oauth-state” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “jupyterhub-user-USERNAME” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “_xsrf” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “jupyterhub-user-USERNAME-oauth-state” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “jupyterhub-user-USERNAME” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Cookie “_xsrf” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite oauth_callback Firefox can’t establish a connection to the server at https://HUB_NAME/user/USERNAME/git-pull/api?repo=https%3A%2F%2Fgithub.com%2FUSERNAME%2FREPO_NAME&targetpath=REPO_NAME&branch=main. gitsync.js:44:27 ```

[welcome[bot]]

Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! :hugs:
If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other other community members to contribute more effectively. You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! :wave:
Welcome to the Jupyter community! :tada:

[minrk]

@jrdnbradford you're absolutely right! This should be fixed by #346.

[jrdnbradford]

@minrk awesome. I installed the update but still no luck, getting a 403 error now on TLJH:

Firefox can’t establish a connection to the server at https://HUB_NAME/user/USERNAME/git-pull/api?repo=https%3A%2F%2Fgithub.com%2Fjupyterhub%2Fnbgitpuller&targetpath=nbgitpuller&branch=main. gitsync.js:46:31

[minrk]

Can you share the server logs, too? Those will be more informative

[jrdnbradford]

@minrk false alarm. Working now. Tested on another, I needed to clear my cache after install. Thanks!

[minrk]

Wonderful, thanks for testing and reporting back!

[jrdnbradford]

No, thank you! 👍🏼 It's possible that XSRF changes have had other downstream effects besides this one. I also added an issue in https://github.com/jupyter/nbconvert on similar grounds.