Merge pull request cylc#593 from cylc/1.4.x-sync

🤖 Merge 1.4.x-sync into master
wxtim · May 8, 2024 · 7e061ad · 7e061ad
2 parents 63bd916 + 399ea47
commit 7e061ad
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 0 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -59,6 +59,7 @@ below.
  - Mel Hall
  - Christopher Bennett
  - Mark Dawson
+ - Min RK
  <!-- end-shortlog -->
 
 (All contributors are identifiable with email addresses in the git version

diff --git a/changes.d/592.fix b/changes.d/592.fix
@@ -0,0 +1 @@
+Compatibility with JupyterHub 4.1 XSRF changes for static requests
diff --git a/cylc/uiserver/handlers.py b/cylc/uiserver/handlers.py
@@ -184,10 +184,23 @@ class CylcStaticHandler(CylcAppHandler, web.StaticFileHandler):
     def initialize(self, *args, **kwargs):
         return web.StaticFileHandler.initialize(self, *args, **kwargs)
 
+    def check_xsrf_cookie(self):
+        # don't need XSRF protections on static assets
+        return
+
     @web.authenticated
     def get(self, path):
         # authenticate the static handler
         # this provides us with login redirection and token caching
+        if not path:
+            # Request for /index.html
+            # Accessing xsrf_token ensures xsrf cookie is set
+            # to be available for next request to /userprofile
+            self.xsrf_token
+            # Ensure request goes through this method even when cached so
+            # that the xsrf cookie is set on new browser sessions
+            # (doesn't prevent browser storing the response):
+            self.set_header('Cache-Control', 'no-cache')
         return web.StaticFileHandler.get(self, path)