Use a copy to avoid writing content security policy into settings['headers'],
which can be a problem because APIHandlers have a stricter CSP than page handlers.
If an API request is made before the first page request, pages will fail to load due to CSP violations.
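The aliasing problem described in the commit message above, as an added example (a simplified model, not the notebook server's own code). The handler classes, the `copy_headers` switch and both policy strings are hypothetical and constructed for illustration.

```python
# Simplified model of a shared settings['headers'] dict being mutated by handlers.
# Added illustration only: class names, copy_headers and the CSP strings are
# hypothetical and constructed for this example.

PAGE_CSP = "frame-ancestors 'self'"                      # constructed page policy
API_CSP = "frame-ancestors 'self'; default-src 'none'"   # constructed stricter API policy


class PageHandler:
    csp = PAGE_CSP

    def __init__(self, settings, copy_headers):
        self.settings = settings
        self.copy_headers = copy_headers

    def response_headers(self):
        configured = self.settings.setdefault("headers", {})
        # The fix: work on a copy so a default CSP is never written into settings.
        headers = dict(configured) if self.copy_headers else configured
        # Fill in this handler's default only when no CSP was configured.
        headers.setdefault("Content-Security-Policy", self.csp)
        return headers


class APIHandler(PageHandler):
    csp = API_CSP


def page_csp_after_api_request(copy_headers):
    """Serve an API request first, then a page; return the page CSP and stored headers."""
    settings = {"headers": {"X-Custom": "1"}}  # constructed sample configuration
    APIHandler(settings, copy_headers).response_headers()
    page = PageHandler(settings, copy_headers).response_headers()
    return page["Content-Security-Policy"], settings["headers"]


if __name__ == "__main__":
    for copy_headers in (False, True):
        csp, stored = page_csp_after_api_request(copy_headers)
        print(f"copy={copy_headers}: page CSP={csp!r}, "
              f"CSP stored in settings={'Content-Security-Policy' in stored}")
```

Without the copy, the first API request pins its stricter policy into the shared settings, and every later page response inherits it.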
This commit fixes issue #1387 by adding a file `robots.txt`
that makes robots go away.
This commit is also similar to 316665e5d7 as it also adds the `favicon.ico`.
add /api/status endpoint for retrieving current status
includes
- started: start time of the server
- last_activity: latest activity across all endpoints
- connections: number of current connections
- kernels: number of current kernels
- Cookie-authenticated API requests must set X-XSRFToken header
- add utils.ajax for making ajax requests, adding xsrf header from default location
- add NotebookApp.login_token, used when NotebookApp.password is not set
- store login_token, bool(password) in notebook server-info file
- `jupyter notebook list` shows pasteable URLs with token
General changes:
- notebook servers are now authenticated by default
- first connect with token sets a cookie
- once a user has logged into one server with a token, their browser is logged in to
all subsequent servers on the same system+port until cookie_secret changes
There was a conflict for the .login_available property on LoginHandler itself
causing the login form to render incorrectly when login_available should be False
Commit 65eb248209 introduced a bug by not allowing the POST method in OPTIONS requests (which is wrong since several parts of the API accept POST requests, for example creating a new kernel).
Pre-flighted OPTIONS requests do not include authentication information,
which means that we should not expect these to be authenticated.
Authentication will be validated when the real PUT/POST etc. request is
issued after the preflight.