search

jupyterhub / nbgitpuller

Jupyter server extension to sync a git repository one-way to a local path
https://nbgitpuller.readthedocs.io
BSD 3-Clause "New" or "Revised" License
205 stars 84 forks source link

include xsrf token in event stream request #346

Closed minrk closed 3 months ago

minrk commented 3 months ago

JupyterHub 4.1 increases strictness of xsrf checks (omitting it is no longer allowed on GET requests that are Sec-Fetch: cors, which includes this EventStream).

closes #344

yuvipanda commented 3 months ago

Thanks @minrk

I suspect the tests are failing because we need to now also specify the XSRF token in https://github.com/jupyterhub/nbgitpuller/blob/518c9c8af7f51c7c9797d1063c9ab89766fb9e52/tests/test_api.py#L16. But given that's coming from a python client, I'd have thought that it shouldn't have issues as long as the token is present?

minrk commented 3 months ago

Correct, if a token is present, xsrf shouldn't be checked. I'll have a look

minrk commented 3 months ago

403 was because I had an unrelated change in here to turn 302 into 403 while I was testing (302 to login on the EventSource isn't going to work). I've pulled that out and will do a separate PR.

minrk commented 3 months ago

Failure was unrelated, pulled out to #347