marimo icon indicating copy to clipboard operation
marimo copied to clipboard

Published 20 hours ago verified publisher icon marimo-team

Use pyodide_http.patch_all() instead of patch_urllib()

Open carlosefr opened this issue 7 months ago • 5 comments

HTTP requests done from a Marimo WASM notebook are not carrying any cookies that the browser may have stored. This breaks requests to URLs that use cookie-based authentication (e.g. where the user authenticates in another browser tab/window, like URLs protected by Cloudflare Access).

The underlying issue is the lack of the proper credential flags for XMLHttpRequest in pyodide-http and urllib3, and I've opened pull-requests for both of those projects:

  • https://github.com/urllib3/urllib3/pull/3591
  • https://github.com/koenvo/pyodide-http/pull/44

However, Marimo is only patching network calls for the standard library'surllib, and it should be patching all calls that pyodide-http knows about. If so, then only the pyodide-http change is necessary to have HTTP requests from Marimo start carrying (implicit) cookies.

See "cookies in wasm" thread on Discord: https://discord.com/channels/1059888774789730424/1358809549187977518

carlosefr avatar Apr 11 '25 13:04 carlosefr