the-littlest-jupyterhub icon indicating copy to clipboard operation
the-littlest-jupyterhub copied to clipboard

Published 20 hours ago verified publisher icon jupyterhub

Content-Security-Policy (IFrame embeding) not working in new version

Open LukaPitamic opened this issue 2 years ago • 4 comments

Bug description

Content-Security-Policy settings are not respected in new version of Jupyter Hub. Following screen capture is demonstrating how same settings worked in JupyterHub v1.4.0 and in v1.5.1 it doesn't work any more:
https://app.screencast.com/F2BhHsTAYG1bo

In order to debug the problem I tried to dive into logs according to:
https://tljh.jupyter.org/en/latest/troubleshooting/logs.html
...no sign of any error in any file

Same settings on both JupyterHub instances

JupyterHub settings in file /opt/tljh/config/jupyterhub_config.d/jupyterhub_config.py:

c.JupyterHub.tornado_settings = {'headers': {'Content-Security-Policy': "frame-ancestors *;"}}
c.Spawner.args = ['--config=/home/jupyter_notebook_config.py']

Jupyter notebook settings in file: /home/jupyter_notebook_config.py

c.NotebookApp.tornado_settings={'headers': {'Content-Security-Policy': "frame-ancestors *;"}}

Other relevant context info

  • nginx settings for both JupyterHub instances are exactly the same
  • os is exactly the same in both cases: ubuntu 20.04
  • python versions
    • in case of working (old) JupyterHub v1.4.0, default Python version is 3.7
    • in case of problematic (new) JupyterHub v1.5.1, default Python version is 3.9

LukaPitamic avatar May 29 '23 09:05 LukaPitamic

Hi guys, is there any way to install older version of Jupyter Hub?

LukaPitamic avatar Jun 12 '23 14:06 LukaPitamic

Could you maybe try out the beta 1.0.0 release for TLJH? https://tljh.jupyter.org/en/latest/reference/changelog.html#id1 Does the problem persists?

This comes with JupyterHub 4.X series.

There is also https://github.com/jupyterhub/the-littlest-jupyterhub/issues/312 with some more discussion.

MridulS avatar Aug 09 '23 07:08 MridulS

@MridulS I installed JupyterHub 1.0.0 and went over all available relevant threads addressing this problem. Now on FireFox everything works, however on chromium-based browsers (Brave) I still cannot get it to work - I'm getting:

image

BTW, of course I tried incognito mode without any plugins.

I simply don't know what else to do, any direction would be highly apprichiated. The goal is very simple, to embed JupyterHub into Nextcloud iFrame to integrate user experience of the whole team.

LukaPitamic avatar Nov 10 '23 11:11 LukaPitamic