jupyter-server-proxy icon indicating copy to clipboard operation
jupyter-server-proxy copied to clipboard
verified publisher icon jupyterhub

Mime type of Javascript inferred incorrectly for Tensorboard

Open whatnick opened this issue 2 years ago • 5 comments

Bug description

Mime type inference failure for tensorboard javascript file served by application with a query parameter.

Expected behaviour

Tensorboard application running withing Notebook container should load without issues in browsers with the MIME Type verification security feature enabled i.e. resources are not loaded if the browser sniffed MIME type is different from the server advertised mime type.

https://blog.mozilla.org/security/2016/08/26/mitigating-mime-confusion-attacks-in-firefox/

Actual behaviour

JupyterHub proxy fails to infer mimetype of file such as index.js?_file_hash=8b6358c7 as text/javascript

How to reproduce

  • Install tensorboard in jupyterhub with the proxy service running
  • Run tensorboard using tensorboard --logdir training
  • Server starts up on port 6006
  • Visit the server using proxy via path proxy/6006/
  • Tensorboard fails to load with this error
The resource from “[https://<user_hub_path>/proxy/index.js?_file_hash=8b6358c7”](https://<user_hub_path>/proxy/index.js?_file_hash=8b6358c7%E2%80%9D) was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). 6006

Your personal set up

Zero-to-JupyterHub on EKS

  • OS: JupyterHub on EKS with Image built from Ubuntu 22.04
  • Version(s): JupyterHub : 3.11 Python : 3.10.6

whatnick avatar Apr 28 '23 07:04 whatnick

Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! :hugs:
If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other other community members to contribute more effectively. welcome You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! :wave:
Welcome to the Jupyter community! :tada:

welcome[bot] avatar Apr 28 '23 07:04 welcome[bot]

jupyter-server-proxy should be proxying everything though. What mimetype header is sent by tensorboard?

manics avatar Apr 28 '23 09:04 manics

Seems like that is text/html, however when run directly it is javascript. I will run locally without proxy and report.

On Fri, 28 Apr 2023, 18:38 Simon Li, @.***> wrote:

jupyter-server-proxy should be proxying everything though. What mimetype header is sent by tensorboard?

— Reply to this email directly, view it on GitHub https://github.com/jupyterhub/jupyter-server-proxy/issues/405#issuecomment-1527238842, or unsubscribe https://github.com/notifications/unsubscribe-auth/AADX7BEZE2BUZLD3OZ7L663XDOCKBANCNFSM6AAAAAAXO3U5ME . You are receiving this because you authored the thread.Message ID: @.***>

whatnick avatar Apr 28 '23 10:04 whatnick

We use tensorboard with JSP and JupyterLab and we didnt see any issues. Which version of tensorboard are you using?

mahendrapaipuri avatar Apr 28 '23 10:04 mahendrapaipuri