Reo Ono

I have looked into this issue. First, even in the `jupyter/notebook`, the `_xsrf` cookie has not been set when `http://localhost:8889/api/contents/file.txt?token=the_token` has been accessed. Checking the implementation, I found that the...

Sorry, I didn't examine the proposed fix enough. After calling check_xsrf_cookie(), access to the API (e.g. http://localhost:8889/api/sessions) fails with "Blocking request from unknown origin". It is not desirable because it...

> But I think what we want is to set it on the first request. That is certainly true. I misunderstood the issue as I proceeded with the investigation. >...

> If authentication is turned off, then I guess we also want to turn off XSRF checking. On a different note, when I access `http://localhost:8889/lab` without authentication (`--ServerApp.token=""`), only the...

I am very sorry, I was working on branch 1.x. Please wait for a while while I will check with the main branch.

As the error message indicates, `self.current_user` was not set, so setting the xsrf cookie failed. (Normally, it is set by `prepare()` of JupyterHandler.) Therefore, it has been confirmed that JupyterLab...

I am sorry for the repeated questions. Although the `_xsrf` cookie has not been cleared so far, should it be cleared when logging out? Just to be sure, I have...

I just wanted to show that not deleting the xsrf cookie on logout is not a particularly big problem as before. I am sorry for the confusion. > Maybe we...

Is there any update on this? If not, I would like to work on this issue, to use fsspec for protocols not supported by pyfilesystem2. > My current preference is...

Thank you for your comment. I believe that the feature will be worthwhile even with default values at first, since it will also support protocols that are not yet supported...