hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-18 15:33:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove server_tokens setting

Browse Source 
Revert this if we decide this is a security issue, but we report the version through the API as well
This commit is contained in:
Will Starms
2019-10-17 13:43:28 -05:00
parent 8c1620e6c5
commit 2cac46fdb2
4 changed files with 4 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
jupyterhub/app.py
View File

@@ -1185,10 +1185,6 @@ class JupyterHub(Application):
False, help="""Shuts down all user servers on logout""" False, help="""Shuts down all user servers on logout"""
).tag(config=True) ).tag(config=True)
server_tokens = Bool(
True, help="""Display JupyterHub version information on admin page"""
).tag(config=True)
@default('statsd') @default('statsd')
def _statsd(self): def _statsd(self):
if self.statsd_host: if self.statsd_host:
@@ -2137,7 +2133,6 @@ class JupyterHub(Application):
internal_ssl_ca=self.internal_ssl_ca, internal_ssl_ca=self.internal_ssl_ca,
trusted_alt_names=self.trusted_alt_names, trusted_alt_names=self.trusted_alt_names,
shutdown_on_logout=self.shutdown_on_logout, shutdown_on_logout=self.shutdown_on_logout,
server_tokens=self.server_tokens,
eventlog=self.eventlog, eventlog=self.eventlog,
) )
# allow configured settings to have priority # allow configured settings to have priority

1
jupyterhub/handlers/pages.py
View File

@@ -423,7 +423,6 @@ class AdminHandler(BaseHandler):
sort={s: o for s, o in zip(sorts, orders)}, sort={s: o for s, o in zip(sorts, orders)},
allow_named_servers=self.allow_named_servers, allow_named_servers=self.allow_named_servers,
named_server_limit_per_user=self.named_server_limit_per_user, named_server_limit_per_user=self.named_server_limit_per_user,
server_tokens=self.settings.get('server_tokens', True),
server_version='{} {}'.format(__version__, self.version_hash), server_version='{} {}'.format(__version__, self.version_hash),
) )
self.finish(html) self.finish(html)

8
jupyterhub/tests/test_pages.py
View File

@@ -117,14 +117,6 @@ async def test_admin_version(app):
assert "version_footer" in r.text assert "version_footer" in r.text
async def test_admin_version_disabled(app):
cookies = await app.login_user('admin')
with mock.patch.dict(app.tornado_settings, {'server_tokens': False}):
r = await get_page('admin', app, cookies=cookies, allow_redirects=False)
r.raise_for_status()
assert "version_footer" not in r.text
@pytest.mark.parametrize('sort', ['running', 'last_activity', 'admin', 'name']) @pytest.mark.parametrize('sort', ['running', 'last_activity', 'admin', 'name'])
async def test_admin_sort(app, sort): async def test_admin_sort(app, sort):
cookies = await app.login_user('admin') cookies = await app.login_user('admin')

10
share/jupyterhub/templates/admin.html
View File

@@ -103,13 +103,11 @@
</tbody> </tbody>
</table> </table>
</div> </div>
{%- if server_tokens -%} <div class="container-fluid navbar-default small version_footer">
<div class="container-fluid navbar-default small version_footer"> <div class="navbar-text">
<div class="navbar-text"> JupyterHub {{ server_version }}
JupyterHub {{ server_version }}
</div>
</div> </div>
{%- endif -%} </div>
{% call modal('Delete User', btn_class='btn-danger delete-button') %} {% call modal('Delete User', btn_class='btn-danger delete-button') %}
Are you sure you want to delete user <span class="delete-username">USER</span>? Are you sure you want to delete user <span class="delete-username">USER</span>?