Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Content-Security-Policy (IFrame embeding) not working in new version #907

Open
LukaPitamic opened this issue May 29, 2023 · 3 comments
Open
Labels
bug Something isn't working

Comments

@LukaPitamic
Copy link

LukaPitamic commented May 29, 2023

Bug description

Content-Security-Policy settings are not respected in new version of Jupyter Hub.
Following screen capture is demonstrating how same settings worked in JupyterHub v1.4.0 and in v1.5.1 it doesn't work any more:
https://app.screencast.com/F2BhHsTAYG1bo

In order to debug the problem I tried to dive into logs according to:
https://tljh.jupyter.org/en/latest/troubleshooting/logs.html
...no sign of any error in any file

Same settings on both JupyterHub instances

JupyterHub settings in file /opt/tljh/config/jupyterhub_config.d/jupyterhub_config.py:

c.JupyterHub.tornado_settings = {'headers': {'Content-Security-Policy': "frame-ancestors *;"}}
c.Spawner.args = ['--config=/home/jupyter_notebook_config.py']

Jupyter notebook settings in file: /home/jupyter_notebook_config.py

c.NotebookApp.tornado_settings={'headers': {'Content-Security-Policy': "frame-ancestors *;"}}

Other relevant context info

  • nginx settings for both JupyterHub instances are exactly the same
  • os is exactly the same in both cases: ubuntu 20.04
  • python versions
    • in case of working (old) JupyterHub v1.4.0, default Python version is 3.7
    • in case of problematic (new) JupyterHub v1.5.1, default Python version is 3.9
@LukaPitamic LukaPitamic added the bug Something isn't working label May 29, 2023
@LukaPitamic
Copy link
Author

Hi guys, is there any way to install older version of Jupyter Hub?

@MridulS
Copy link
Collaborator

MridulS commented Aug 9, 2023

Could you maybe try out the beta 1.0.0 release for TLJH? https://tljh.jupyter.org/en/latest/reference/changelog.html#id1
Does the problem persists?

This comes with JupyterHub 4.X series.

There is also #312 with some more discussion.

@LukaPitamic
Copy link
Author

@MridulS I installed JupyterHub 1.0.0 and went over all available relevant threads addressing this problem. Now on FireFox everything works, however on chromium-based browsers (Brave) I still cannot get it to work - I'm getting:

image

BTW, of course I tried incognito mode without any plugins.

I simply don't know what else to do, any direction would be highly apprichiated. The goal is very simple, to embed JupyterHub into Nextcloud iFrame to integrate user experience of the whole team.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants