f3b4d16d14
fix typo(?) on the exception to edit application/javascript
9 years ago
cd24d1ee92
add .tpl to set of editable extensions by notebook text editor
9 years ago
9394d7af54
Merge pull request #2028 from pleabargain/patch-1
...
typo an to and
9 years ago
b97336c35d
typo an to and
9 years ago
5cafbfe822
Merge pull request #2005 from minrk/require-api-token
...
forward-port xsrf fixes
9 years ago
83ca4833eb
update bundler tests with self.request
9 years ago
a69494833b
forward-port fixes
9 years ago
4da035c577
Merge pull request #2009 from ellisonbg/md-max-width
...
Don't use max-width on tables in rendered markdown
9 years ago
2ed20e4980
Don't use max-width on tables in rendered markdown
9 years ago
0b50201ae4
note downgrade of CodeMirror in changelog
9 years ago
86c6268f64
prose review
9 years ago
dacea0e0d9
changelog notes for 4.3.1
9 years ago
d6f091c443
allow disabling xsrf check
...
for deployments that want to grant unfettered access, even from anonymous API requests
9 years ago
8e141df890
run Python tests with a token
...
exercises token auth
9 years ago
2da82f909c
get xsrf from cookie, not body data
...
so that it can't be skimmed with a GET of the page
9 years ago
9478a6b82b
use tornado xsrf token in API
...
- Cookie-authenticated API requests must use set X-XSRFToken header
- add utils.ajax for making ajax requests, adding xsrf header from default location
9 years ago
70e79a0ad6
add token_authenticated property
...
indicates if a token is used for authentication, in which case xsrf checks should be skipped.
9 years ago
4a8af93b5b
enable tornado xsrf cookie
9 years ago
645f0f9dad
Merge pull request #2004 from gnestor/codemirror-5.16
...
Downgrade to CodeMirror 5.16
9 years ago
e03ab77460
Downgrade to CodeMirror 5.16
...
Closes https://github.com/jupyter/notebook/issues/1967
9 years ago
62347f9842
Merge pull request #2003 from gnestor/4.3.1
...
Add 4.3.1 to changelog
9 years ago
2113b461de
Add 4.3.1 to changelog
9 years ago
1216b83e35
Merge pull request #2002 from srinivasreddy/928
...
rename log.warn to log.warning as log.warn is deprecated
9 years ago
161c174a98
rename log.warn to log.warning as log.warn is deprecated
9 years ago
374db739ad
Merge pull request #1965 from mgeier/proper-attachment-url
...
Use attachment:path instead of attachment://path
9 years ago
d3b5e15bb4
Merge pull request #1994 from minrk/more-token-log-no-browser
...
Further highlight token info in log output
9 years ago
cbeec7ae9a
Add note about cookie requirement
9 years ago
3760525783
Only log generated tokens in URLs
...
if token came from config, assume user knows what it is
or it's handled some other way.
9 years ago
65cb6cc185
Only show token info if tokens are available
...
on login page
9 years ago
fb8f730c6e
Merge pull request #1985 from jasongrout/checkresize
...
Ignore resize events that bubbled up and didn't come from window.
9 years ago
9c79e3163d
Merge pull request #1993 from minrk/wait-for-output
...
add missing waits for output in display_id tests
9 years ago
faf60320dd
Further highlight token info in log output
...
add critical-level log statement at the end of startup with token info
9 years ago
935af43582
handle window sizing even when it is not from a resize event.
9 years ago
3c0da28764
add missing waits for output in display_id tests
9 years ago
e909afc93a
Due to jQuery propagating events, the window resize event could be triggered by a bubbled event.
...
See https://bugs.jquery.com/ticket/9841 . In our case, the OutputArea was triggering a ‘resize’ event on its element, which was bubbling up and causing this handler to execute every time an output was appended. This was a pretty big drain on output areas that quickly changed (like for interact widgets), presumably since this function involves a DOM read to get heights.
9 years ago
0c5613b13a
Merge pull request #1982 from minrk/fixCR5
...
fix carriage return handling
9 years ago
a2f7325537
fix carriage return handling
...
The only real fix is an errant `+` on the final replacement, which would end up skipping sequential replacements.
- leaves trailing `\r` on the text, if there is one
- use groups to avoid unnecessary replace calls (no change)
- includes test
9 years ago
5f0d05c5fe
Merge pull request #1975 from minrk/cors-auth-header
...
add Authorization to allowed CORS headers
9 years ago
a51efa5acc
add Authorization to allowed CORS headers
...
so that CORS requests can be token-authenticated
9 years ago
6ee01644c4
Merge pull request #1972 from minrk/token-docs
...
better docs for token auth
9 years ago
7fa5d5a1be
cover token authentication in security docs
9 years ago
7c7f065547
include token info on login page
9 years ago
a33ad66460
clarify the default token behavior in help output
9 years ago
6a5e22e646
Use attachment:path instead of attachment://path
...
This partly reverts #1659 , see also #1655 .
9 years ago
c05138a219
Merge pull request #1956 from jasongrout/fontsize
...
Make the font size more robust against fickle browser values.
9 years ago
6adae92d42
Merge pull request #1958 from jasongrout/callbackid
...
Add output callback overrides
9 years ago
1864fe5adb
Some tests for output callback overrides.
9 years ago
c3de744fe9
Return after error condition.
9 years ago
66146cc265
Write the get_output_callback_id function that we use.
9 years ago
5d84a55e4a
Add an output callback override stack
...
This allows us to override output callbacks to redirect output messages, and is used to implement the Output widget, for example. It does not redirect status messages or messages on other channels.
9 years ago
michaelpacer
Thomas Kluyver
Dennis
Min RK
Kyle Kelley
Brian E. Granger
Grant Nestor
Srinivas Reddy Thatiparthy
Jason Grout
Matthias Geier