The current use of $.ajax is resulting in incorrect handling of authentication and XSRF tokens.
The JupyterLab ServerConnection object has a makeRequest method that will make sure to add all the necessary credentials to requests to the server. It would probably be more reliable to use ServerConnection.makeRequest to talk to the server. This does have the requirement that the requests go to the notebook server, I'm not sure if the gallery is sometimes (or usually!) somewhere else, in which case you'd have to duplicate some of makeRequest's behavior (for requests to the server). Specifically, this bit where authentication information is added to the request.
I do see use of makeRequest in environment-registration, so maybe it can be used everywhere (or at least everywhere you talk to the Jupyter server).
The current use of
$.ajaxis resulting in incorrect handling of authentication and XSRF tokens.The JupyterLab ServerConnection object has a makeRequest method that will make sure to add all the necessary credentials to requests to the server. It would probably be more reliable to use ServerConnection.makeRequest to talk to the server. This does have the requirement that the requests go to the notebook server, I'm not sure if the gallery is sometimes (or usually!) somewhere else, in which case you'd have to duplicate some of makeRequest's behavior (for requests to the server). Specifically, this bit where authentication information is added to the request.
I do see use of makeRequest in environment-registration, so maybe it can be used everywhere (or at least everywhere you talk to the Jupyter server).
The lack of XSRF implementation has led some users of nbgallery to disable all XSRF protections.
cc @cccs-nik