Min RK
32a353378a
track REST API activity
...
add /api/status endpoint for retrieving current status
includes
- started: start time of the server
- last_activity: latest activity across all endpoints
- connections: number of current connections
- kernels: number of current kernels
9 years ago
Thomas Kluyver
666ecbf35c
Merge pull request #2011 from minrk/unwebpack
...
unwebpackify
9 years ago
Thomas Kluyver
4917ba4d44
Merge pull request #1991 from minrk/template-log-message
...
remove debug statement about no custom error page template
9 years ago
Min RK
47d4451958
remove webpack shims
...
restore explicit imports of jquery, etc.
9 years ago
Min RK
86c6268f64
prose review
9 years ago
Min RK
d6f091c443
allow disabling xsrf check
...
for deployments that want to grant unfettered access, even from anonymous API requests
9 years ago
Min RK
9478a6b82b
use tornado xsrf token in API
...
- Cookie-authenticated API requests must set X-XSRFToken header
- add utils.ajax for making ajax requests, adding xsrf header from default location
9 years ago
Min RK
70e79a0ad6
add token_authenticated property
...
indicates if a token is used for authentication, in which case xsrf checks should be skipped.
9 years ago
Min RK
4a8af93b5b
enable tornado xsrf cookie
9 years ago
Min RK
3f32d7da00
remove debug statement about no custom error page template
...
We don't need a message when the default error page is used
9 years ago
Min RK
a51efa5acc
add Authorization to allowed CORS headers
...
so that CORS requests can be token-authenticated
9 years ago
Min RK
38060d001e
Merge pull request #1939 from jupyter/static-file-log
...
Add debug log for static file paths
9 years ago
Thomas Kluyver
283042c675
Ensure variable is set if exc_info is falsey
...
Closes gh-1940
9 years ago
Min RK
1e070a50f5
don't check origin on token-authenticated requests
...
adds LoginHandler.should_check_origin classmethod API
9 years ago
Jason Grout
ec13af58d7
Add debug log for static file paths
9 years ago
Min RK
7621fae43e
include PATH in cross-origin blocking log message
...
makes it clearer what's being blocked
9 years ago
Min RK
8d7e430b89
Allow websocket connections from scripts
...
scripts don't set origin on connection
we allow these connections on API requests, websockets should match.
9 years ago
Min RK
bf249669e1
call it token
...
login_token is redundant
9 years ago
Min RK
3ba68d8cb7
enable token-authentication by default
...
- add NotebookApp.login_token, used when NotebookApp.password is not set
- store login_token, bool(password) in notebook server-info file
- `jupyter notebook list` shows pasteable URLs with token
General changes:
- notebook servers are now authenticated by default
- first connect with token sets a cookie
- once a user has logged into one server with a token, their browser is logged in to
all subsequent servers on the same system+port until cookie_secret changes
9 years ago
Min RK
6c5cca1328
Make login_available method LoginHandler.get_login_available
...
There was a conflict for the .login_available property on LoginHandler itself
causing the login form to render incorrectly when login_available should be False
9 years ago
Grant Nestor
fd03c87f43
Merge pull request #1565 from poke1024/mathjaxmml
...
MathJax MML support
10 years ago
wenjun.swj
17a7fe76a9
encode file name in Content-Disposition when it contains non-ascii characters
10 years ago
Bernhard Liebl
ab8f837ce9
switch from MathJax configuration TeX-AMS_HTML-full to TeX-AMS-MML_HTMLorMML-full
10 years ago
Min RK
caca248b6f
Merge pull request #1518 from chultquist/master
...
Allow requests to POST in OPTIONS requests
10 years ago
chultquist
144807bc3c
Allow requests to POST in OPTIONS requests
...
Commit 65eb248209 introduced a bug by not allowing the POST method in OPTIONS requests (which is wrong since several parts of the API accept POST requests, for example creating a new kernel).
10 years ago
Bernhard Liebl
c52e8fdc77
make MathJax config parameter configurable (instead of hard coded)
10 years ago
Carl Hultquist
4a161fea12
Fix handling of preflight requests
...
Pre-flighted OPTIONS requests do not include authentication information,
which means that we should not expect these to be authenticated.
Authentication will be validated when the real PUT/POST etc request is
issued after the preflight.
10 years ago
Matthias Bussonnier
0601fc75ef
Merge pull request #1261 from cc272309126/master
...
fix the bug that notebook websocket response can not compress
10 years ago
chenchao
a3877277a4
fix the bug that notebook websocket response can not compress
10 years ago
Jonathan Frederic
03ceccf7a1
Re-add ignore_minified_js
10 years ago
Jonathan Frederic
d340a794fc
Compile services/contents
10 years ago
Jonathan Frederic
508804153a
Remove ignore minified
10 years ago
Diego Mesa
482ed8a5a3
updating log.warn to log.warning
10 years ago
Min RK
c280b773fb
use session.deserialize to unpack message for rate limiting
...
rather than hardcoding json.loads
Messages should **never** be deserialized by any means other than the Session API.
10 years ago
Min RK
8aa4f1e60c
allow zmq check_origin with no args
...
terminado may call `self.check_origin()`
in which case we should grab origin from the headers.
10 years ago
Steven Silvester
fe03de7471
Avoid error when using a cross-origin websocket
10 years ago
Jeroen Demeyer
17b3643891
Interpret mathjax_url relative to base_url
10 years ago
Min RK
c2c39a7c9d
move common websocket methods to WebSocketMixin
...
- origin check
- ws ping
used by both kernels and terminals
10 years ago
Jonathan Frederic
831b2a523b
Merge pull request #472 from minrk/base-url-always-encoded
...
avoid double-encoding base_url
10 years ago
Steven Silvester
65eb248209
Add the method to the correct base class
10 years ago
Min RK
8de725a8de
server-side fixes for double-escaped base_url
10 years ago
Zach Schwartz
2e16713e32
moved check_origin to IPythonHandler
11 years ago
Matthias Bussonnier
2d5d548d79
Revert "Use NPM, node ES5, and browserify."
11 years ago
Jonathan Frederic
81a2998fe0
Dynamically load contents, also browserify contents.
11 years ago
Matthias Bussonnier
d4b1e9aa99
Wrong default.
...
Change from True to False after rename from use_bundle to ignore_minified_js
11 years ago
Matthias Bussonnier
f9ad56e206
Add option to not use minified javascript and ease development.
11 years ago
Min RK
b001be2c82
check origin of API requests
...
protects against CSRF on POST endpoints via forms.
11 years ago
Min RK
e4cc3a6ea2
FileFindHandler inherits from IPythonHandler
...
in order to get default CSP headers
11 years ago
Min RK
5403d2479d
make content_security_policy a property
...
and *add* `default-src: 'none'` to API handlers
custom CSP applies to all handlers
11 years ago
Min RK
709ed0d04b
Add APIHandler base class
...
- ensures all API responses are json
- sets CSP to prevent js execution on all API replies
11 years ago