Revert "store tokens passed via url or header, not only url."

This reverts commit 53c3201c17. Only tokens in URLs should be persisted in cookies. Tokens in headers should not have any effect on cookies.
2025-10-07 10:04:07 +00:00 · 2021-11-01 12:34:44 +01:00
parent f06902aa8f
commit cd8dd56213
1 changed files with 2 additions and 2 deletions
--- a/jupyterhub/services/auth.py
+++ b/jupyterhub/services/auth.py
@@ -1023,8 +1023,8 @@ class HubAuthenticated:
            self._hub_auth_user_cache = None
            raise

-        # store tokens passed via url or header in a cookie for future requests
-        url_token = self.hub_auth.get_token(self)
+        # store ?token=... tokens passed via url in a cookie for future requests
+        url_token = self.get_argument('token', '')
        if (
            user_model
            and url_token