Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

403 POST: '_xsrf' argument missing from POST when closing kernel #1458

Open
salwon opened this issue Apr 8, 2024 · 5 comments
Open

403 POST: '_xsrf' argument missing from POST when closing kernel #1458

salwon opened this issue Apr 8, 2024 · 5 comments
Assignees
@trungleduc
Labels
bug Something isn't working

Comments

@salwon
Copy link

salwon commented Apr 8, 2024

Description

We have a Voila app running on an AWS ECS task that consistently throws the error in the title when a user closes their tab. We have auto-culling of kernels turned on as well - this error is thrown when the tab is closed even if the kernel has already been shutdown. We are handling logins to this app using our internal authentication, we don't have or need any additional XSRF protection.

Full traceback is as follows:

403 POST /app/voila/api/shutdown/7887dd81-d08e-4c0a-a4cf-7753e9e0881b: '_xsrf' argument missing from POST	
wrote error: "'_xsrf' argument missing from POST"	
Traceback (most recent call last):	
File "/root/.cache/pypoetry/virtualenvs/marigold-j2r1q8F--py3.8/lib/python3.8/site-packages/tornado/web.py", line 1769, in _execute	
result = await result # type: ignore	
File "/root/.cache/pypoetry/virtualenvs/marigold-j2r1q8F--py3.8/lib/python3.8/site-packages/jupyter_server/base/handlers.py", line 731, in prepare	
await super().prepare()	
File "/root/.cache/pypoetry/virtualenvs/marigold-j2r1q8F--py3.8/lib/python3.8/site-packages/jupyter_server/base/handlers.py", line 632, in prepare	
self.check_xsrf_cookie()	
File "/root/.cache/pypoetry/virtualenvs/marigold-j2r1q8F--py3.8/lib/python3.8/site-packages/jupyter_server/base/handlers.py", line 536, in check_xsrf_cookie	
return super().check_xsrf_cookie()	
File "/root/.cache/pypoetry/virtualenvs/marigold-j2r1q8F--py3.8/lib/python3.8/site-packages/tornado/web.py", line 1605, in check_xsrf_cookie	
raise HTTPError(403, "'_xsrf' argument missing from POST")	
tornado.web.HTTPError: HTTP 403: Forbidden ('_xsrf' argument missing from POST)	
403 POST /app/voila/api/shutdown/7887dd81-d08e-4c0a-a4cf-7753e9e0881b 2.34ms
@salwon salwon added the bug Something isn't working label Apr 8, 2024
@trungleduc
Copy link
Member

Hi, could you post your version of voila and jupyter_server?

@salwon
Copy link
Author

salwon commented Apr 8, 2024

Voila 0.4.3
Jupyter_server 2.12.5

@salwon
Copy link
Author

salwon commented Apr 10, 2024

I just confirmed the same error with jupyetr-server 2.13.0 and Voila 0.5.5.

@trungleduc trungleduc self-assigned this Apr 10, 2024
@trungleduc
Copy link
Member

Thanks for reporting, I will take a look.

@salwon
Copy link
Author

salwon commented Apr 11, 2024

I'm able to get around it by adding 'disable_check_xsrf': True to my Tornado settings in Voila's arguments. I'm not sure if this is a safe/desired solution, but at least it doesn't throw the error.

@afonit afonit mentioned this issue Jun 7, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@trungleduc trungleduc

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@trungleduc @salwon