From c08b582c53a72ba1c0e462c27d9715c10d1e8f1e Mon Sep 17 00:00:00 2001
From: Min RK <benjaminrk@gmail.com>
Date: Tue, 26 Mar 2024 08:55:15 +0100
Subject: [PATCH] respect jupyter-server disable_check_xsrf setting

allows global disable of xsrf checks in single-user servers
---
 jupyterhub/services/auth.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/jupyterhub/services/auth.py b/jupyterhub/services/auth.py
index b038db58..fd322be1 100644
--- a/jupyterhub/services/auth.py
+++ b/jupyterhub/services/auth.py
@@ -987,7 +987,9 @@ class HubOAuth(HubAuth):
 
         Applies JupyterHub check_xsrf_cookie if not token authenticated
         """
-        if getattr(handler, '_token_authenticated', False):
+        if getattr(handler, '_token_authenticated', False) or handler.settings.get(
+            "disable_check_xsrf", False
+        ):
             return
         check_xsrf_cookie(handler)