hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-08 02:24:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert "store tokens passed via url or header, not only url."

Browse Source 
This reverts commit 53c3201c17.

Only tokens in URLs should be persisted in cookies.
Tokens in headers should not have any effect on cookies.
This commit is contained in:
Min RK
2021-11-01 12:34:44 +01:00
parent f06902aa8f
commit cd8dd56213
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
jupyterhub/services/auth.py
View File

@@ -1023,8 +1023,8 @@ class HubAuthenticated:
self._hub_auth_user_cache = None self._hub_auth_user_cache = None
raise raise
# store tokens passed via url or header in a cookie for future requests # store ?token=... tokens passed via url in a cookie for future requests
url_token = self.hub_auth.get_token(self) url_token = self.get_argument('token', '')
if ( if (
user_model user_model
and url_token and url_token