ein 20220419: ein:run - 403 POST /login (127.0.0.1): XSRF cookie does not match POST argument

[xgqt]

Problem description

ein:run fails to connect.

Steps to reproduce the problem

Run ein:run

System info:

("EIN system info" :emacs-version "GNU Emacs 28.1 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.24.31)
 of 2022-04-18" :window-system x :emacs-variant nil :build "--prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --datarootdir=/usr/share --disable-silent-rules --docdir=/usr/share/doc/emacs-28.1 --htmldir=/usr/share/doc/emacs-28.1/html --libdir=/usr/lib64 --program-suffix=-emacs-28 --includedir=/usr/include/emacs-28 --infodir=/usr/share/info/emacs-28 --localstatedir=/var --enable-locallisppath=/etc/emacs:/usr/share/emacs/site-lisp --without-compress-install --without-hesiod --without-pop --with-file-notification=inotify --with-pdumper --disable-acl --without-dbus --with-modules --with-gameuser=:gamestat --with-libgmp --without-gpm --without-native-compilation --with-json --without-kerberos --without-kerberos5 --without-lcms2 --with-xml2 --without-mailutils --without-selinux --with-gnutls --without-libsystemd --with-threads --without-wide-int --with-zlib --with-sound=no --with-x --without-ns --without-gconf --without-gsettings --without-toolkit-scroll-bars --with-gif --with-jpeg --with-png --with-rsvg --with-tiff --with-xpm --with-imagemagick --with-xft --without-cairo --with-harfbuzz --without-libotf --without-m17n-flt --with-x-toolkit=gtk3 --without-xwidgets --with-dumping=pdumper 'CFLAGS=-march=znver1 -O3 -falign-functions=32 -fno-common -fstack-clash-protection -fstack-protector-strong -pipe -fdiagnostics-color=always -frecord-gcc-switches' CPPFLAGS= 'LDFLAGS=-Wl,-O1 -Wl,--as-needed -Wl,--defsym=__gentoo_check_ldflags__=0'" :os
 (:uname "Linux magentalane 5.15.32-gentoo-r1-magentalane-2022.04.05 #1 SMP PREEMPT Tue Apr 5 14:14:02 CEST 2022 x86_64 AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx AuthenticAMD GNU/Linux
" :lsb-release "LSB Version:    n/a
Distributor ID: Gentoo
Description:    Gentoo Base System release 2.7
Release:    2.7
Codename:   n/a
")
 :jupyter "Selected Jupyter core packages...
IPython          : 8.2.0
ipykernel        : 6.13.0
ipywidgets       : 7.7.0
jupyter_client   : 7.1.2
jupyter_core     : 4.9.2
jupyter_server   : not installed
jupyterlab       : not installed
nbclient         : 0.5.13
nbconvert        : 6.4.5
nbformat         : 5.2.0
notebook         : 6.4.10
qtconsole        : 5.2.2
traitlets        : 5.1.1
" :image-types
 (svg imagemagick png gif tiff jpeg xpm xbm pbm postscript)
 :image-types-available
 (svg imagemagick png gif tiff jpeg xpm xbm pbm postscript)
 :request-backend curl :ein
 (:version nil :source-dir "/usr/share/emacs/site-lisp/emacs-ipython-notebook/")
 :lib
 ((:name "websocket" :path "/usr/share/emacs/site-lisp/websocket/websocket.elc" :featurep t :version-var websocket-version :version "1.12")
  (:name "anaphora" :path "/usr/share/emacs/site-lisp/anaphora/anaphora.elc" :featurep t :version-var nil :version nil)
  (:name "request" :path "/usr/share/emacs/site-lisp/request/request.elc" :featurep t :version-var request-version :version "0.3.3")
  (:name "deferred" :path "/usr/share/emacs/site-lisp/deferred/deferred.elc" :featurep t :version-var deferred:version :version "0.5.0")
  (:name "polymode" :path "/usr/share/emacs/site-lisp/polymode/polymode.elc" :featurep t :version-var nil :version nil)
  (:name "dash" :path "/usr/share/emacs/site-lisp/dash/dash.elc" :featurep t :version-var nil :version nil)
  (:name "with-editor" :path "/usr/share/emacs/site-lisp/with-editor/with-editor.elc" :featurep nil :version-var nil :version nil)))

Logs:

request-log:

[debug] request--curl: --silent --location --cookie /home/xy/.config/emacs/request/curl-cookie-jar --cookie-jar /home/xy/.config/emacs/request/curl-cookie-jar --include --write-out \n(:num-redirects %{num_redirects} :url-effective "%{url_effective}") --junk-session-cookies --trace-ascii /tmp/curl-trace --compressed --header User-Agent: Mozilla/5.0 --header X-XSRFTOKEN: 2|b1915552|76598b69d28151294d9da2a20d9dca2b|1651665614 --url http://127.0.0.1:8888/login --data-binary @-
[debug] request--curl-callback: event exited abnormally with code 22

[debug] request--callback: UNPARSED
HTTP/1.1 403 Forbidden
Server: TornadoServer/6.1
Content-Type: text/html
Date: Wed, 04 May 2022 12:03:31 GMT
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'; report-uri /api/security/csp-report
Content-Length: 7204
Set-Cookie: _xsrf=2|40ca6810|4211b3f6e57f652b46572f4c4c8af1b2|1651665811; Path=/

(:num-redirects 0 :url-effective "http://127.0.0.1:8888/login")
[error] request--callback: peculiar error
[debug] request--callback: executing error
[debug] request--callback: executing complete

ein:log-all:

14:03:26:884: [info] ein:jupyter-server--run: /usr/bin/jupyter notebook --notebook-dir=/home/xy/python/notebooks/ --debug --no-browser @#<buffer notebooks>
14:03:31:091: [debug] Login attempt #0 in response to nil from http://127.0.0.1:8888. @#<buffer notebooks>
14:03:31:135: [error] Login to http://127.0.0.1:8888 failed, error-thrown (error . exited abnormally with code 22 ), raw-header HTTP/1.1 403 Forbidden
Server: TornadoServer/6.1
Content-Type: text/html
Date: Wed, 04 May 2022 12:03:31 GMT
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'; report-uri /api/security/csp-report
Content-Length: 7204
Set-Cookie: _xsrf=2|40ca6810|4211b3f6e57f652b46572f4c4c8af1b2|1651665811; Path=/
 @#<buffer notebooks>
14:03:31:139: [debug] ein:notebooklist-login--complete STATUS: nil DATA: nil @#<buffer notebooks>
14:07:15:821: [warn] ein:dev-packages: Cannot open load file: No such file or directory, ein-pkg @#<buffer  *temp*>

ein server:

[D 14:03:27.708 NotebookApp] Searching ['/home/xy/python/notebooks', '/home/xy/.config/python/jupyter', '/home/xy/.local/etc/jupyter', '/usr/etc/jupyter', '/usr/local/etc/jupyter', '/etc/jupyter'] for config files
[D 14:03:27.708 NotebookApp] Looking for jupyter_config in /etc/jupyter
[D 14:03:27.708 NotebookApp] Looking for jupyter_config in /usr/local/etc/jupyter
[D 14:03:27.708 NotebookApp] Looking for jupyter_config in /usr/etc/jupyter
[D 14:03:27.708 NotebookApp] Looking for jupyter_config in /home/xy/.local/etc/jupyter
[D 14:03:27.709 NotebookApp] Looking for jupyter_config in /home/xy/.config/python/jupyter
[D 14:03:27.709 NotebookApp] Looking for jupyter_config in /home/xy/python/notebooks
[D 14:03:27.709 NotebookApp] Looking for jupyter_notebook_config in /etc/jupyter
[D 14:03:27.710 NotebookApp] Looking for jupyter_notebook_config in /usr/local/etc/jupyter
[D 14:03:27.710 NotebookApp] Looking for jupyter_notebook_config in /usr/etc/jupyter
[D 14:03:27.710 NotebookApp] Looking for jupyter_notebook_config in /home/xy/.local/etc/jupyter
[D 14:03:27.710 NotebookApp] Looking for jupyter_notebook_config in /home/xy/.config/python/jupyter
[D 14:03:27.710 NotebookApp] Looking for jupyter_notebook_config in /home/xy/python/notebooks
[D 14:03:27.711 NotebookApp] Raising open file limit: soft 1024->4096; hard 4096->4096
[D 14:03:27.715 NotebookApp] Paths used for configuration of jupyter_notebook_config: 
        /etc/jupyter/jupyter_notebook_config.d/ipyparallel.json
        /etc/jupyter/jupyter_notebook_config.json
[D 14:03:27.716 NotebookApp] Paths used for configuration of jupyter_notebook_config: 
        /usr/local/etc/jupyter/jupyter_notebook_config.json
[D 14:03:27.716 NotebookApp] Paths used for configuration of jupyter_notebook_config: 
        /usr/etc/jupyter/jupyter_notebook_config.json
[D 14:03:27.717 NotebookApp] Paths used for configuration of jupyter_notebook_config: 
        /home/xy/.local/etc/jupyter/jupyter_notebook_config.json
[D 14:03:27.717 NotebookApp] Paths used for configuration of jupyter_notebook_config: 
        /home/xy/.config/python/jupyter/jupyter_notebook_config.json
[W 14:03:28.009 NotebookApp] Error loading server extension ipyparallel
    Traceback (most recent call last):
      File "/usr/lib/python3.10/site-packages/notebook/notebookapp.py", line 2030, in init_server_extensions
        func(self)
      File "/usr/lib/python3.10/site-packages/ipyparallel/__init__.py", line 91, in _load_jupyter_server_extension
        from .nbextension.handlers import load_jupyter_server_extension
      File "/usr/lib/python3.10/site-packages/ipyparallel/nbextension/handlers.py", line 7, in <module>
        from jupyter_server.utils import url_path_join as ujoin
    ModuleNotFoundError: No module named 'jupyter_server'
[I 14:03:28.015 NotebookApp] Serving notebooks from local directory: /home/xy/python/notebooks
[I 14:03:28.015 NotebookApp] Jupyter Notebook 6.4.10 is running at:
[I 14:03:28.015 NotebookApp] http://localhost:8888/?token=b37a781f39ab9ad8fbe435805de90e819db97ede1b00e064
[I 14:03:28.015 NotebookApp]  or http://127.0.0.1:8888/?token=b37a781f39ab9ad8fbe435805de90e819db97ede1b00e064
[I 14:03:28.015 NotebookApp] Use Control-C to stop this server and shut down all kernels (twice to skip confirmation).
[C 14:03:28.019 NotebookApp] 

    To access the notebook, open this file in a browser:
        file:///home/xy/.local/share/jupyter/runtime/nbserver-68579-open.html
    Or copy and paste one of these URLs:
        http://localhost:8888/?token=b37a781f39ab9ad8fbe435805de90e819db97ede1b00e064
     or http://127.0.0.1:8888/?token=b37a781f39ab9ad8fbe435805de90e819db97ede1b00e064
[W 14:03:31.101 NotebookApp] 403 POST /login (127.0.0.1): XSRF cookie does not match POST argument
[D 14:03:31.102 NotebookApp] Using contents: services/contents
[D 14:03:31.103 NotebookApp] Using contents: services/contents
[D 14:03:31.129 NotebookApp] Path base/images/favicon.ico served from /usr/lib/python3.10/site-packages/notebook/static/base/images/favicon.ico
[D 14:03:31.130 NotebookApp] Path components/jquery-ui/themes/smoothness/jquery-ui.min.css served from /usr/lib/python3.10/site-packages/notebook/static/components/jquery-ui/themes/smoothness/jquery-ui.min.css
[D 14:03:31.130 NotebookApp] Path components/jquery-typeahead/dist/jquery.typeahead.min.css served from /usr/lib/python3.10/site-packages/notebook/static/components/jquery-typeahead/dist/jquery.typeahead.min.css
[D 14:03:31.130 NotebookApp] Path style/style.min.css served from /usr/lib/python3.10/site-packages/notebook/static/style/style.min.css
[D 14:03:31.131 NotebookApp] Path components/es6-promise/promise.min.js served from /usr/lib/python3.10/site-packages/notebook/static/components/es6-promise/promise.min.js
[D 14:03:31.131 NotebookApp] Path components/react/react.production.min.js served from /usr/lib/python3.10/site-packages/notebook/static/components/react/react.production.min.js
[D 14:03:31.131 NotebookApp] Path components/react/react-dom.production.min.js served from /usr/lib/python3.10/site-packages/notebook/static/components/react/react-dom.production.min.js
[D 14:03:31.131 NotebookApp] Path components/create-react-class/index.js served from /usr/lib/python3.10/site-packages/notebook/static/components/create-react-class/index.js
[D 14:03:31.131 NotebookApp] Path components/requirejs/require.js served from /usr/lib/python3.10/site-packages/notebook/static/components/requirejs/require.js
[D 14:03:31.132 NotebookApp] Path base/images/logo.png served from /usr/lib/python3.10/site-packages/notebook/static/base/images/logo.png
[W 14:03:31.132 NotebookApp] 403 POST /login (127.0.0.1) 31.630000ms referer=None

Messages

[...]
ein: [info] ein:jupyter-server--run: /usr/bin/jupyter notebook --notebook-dir=/home/xy/python/notebooks/ --debug --no-browser
[error] request--callback: peculiar error
ein: [error] Login to http://127.0.0.1:8888 failed, error-thrown (error . exited abnormally with code 22 ), raw-header HTTP/1.1 403 Forbidden
Server: TornadoServer/6.1
Content-Type: text/html
Date: Wed, 04 May 2022 12:03:31 GMT
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'; report-uri /api/security/csp-report
Content-Length: 7204
Set-Cookie: _xsrf=2|40ca6810|4211b3f6e57f652b46572f4c4c8af1b2|1651665811; Path=/
[...]

[dickmao]

Web security is such a pain in the ass. Then again, if all we want to do is run analyses, one wonders why bring on jupyter and all its web 2.0 baggage.

ein:query-prepare-header sees 2|b1915552|76598b69d28151294d9da2a20d9dca2b|1651665614, but your server expects 2|40ca6810|4211b3f6e57f652b46572f4c4c8af1b2|1651665811.

Upon login, the request.el library is supposed to reset the _xsrf entry for HttpOnly_127.0.0.1 in /home/xy/.config/emacs/request/curl-cookie-jar, but it's a delicate dance. In commit 6694467 I seem to have encountered something similar, but I've long forgotten the details.

[psteinb]

I have a similar problem. I can trigger it by restarting a kernel.

Checking my system, orphaned python processes stay alive even after a kernel is restarted.