After a PAWS login, the auth works, but the page does not redirect, or show the progress of starting the server pod. A page reload will indeed let one in, so a workaround exists. This does not happen in minikube, leaving the pod security policy as a suspect (T317787)
Description
Description
Details
Details
Related Changes in Gerrit:
| Subject | Repo | Branch | Lines +/- | |
|---|---|---|---|---|
| jupyter referer | operations/puppet | production | +2 -0 |
Related Objects
Related Objects
Event Timeline
Comment Actions
This is probably related to:
[W 2023-01-12 15:42:28.409 JupyterHub base:89] Blocking Cross Origin API request. Referer: https://hub.paws-dev.codfw1dev.wmcloud.org/hub/spawn-pending/VRook_%28WMF%29, Host: hub.paws-dev.codfw1dev.wmcloud.org, Host URL: http://hub.paws-dev.codfw1dev.wmcloud.org/hub/ [W 2023-01-12 15:42:28.411 JupyterHub scopes:804] Not authorizing access to /hub/api/users/VRook_%28WMF%29/server/progress. Requires any of [read:servers], not derived from scopes [] [W 2023-01-12 15:42:28.417 JupyterHub web:1796] 403 GET /hub/api/users/VRook_%28WMF%29/server/progress (10.100.0.0): Action is not authorized with current scopes; requires any of [read:servers] [W 2023-01-12 15:42:28.421 JupyterHub log:186] 403 GET /hub/api/users/VRook_%28WMF%29/server/progress (@10.100.0.0) 19.59ms
Comment Actions
This is resolved when I disable https in paws-dev at the haproxy layer, or convincing the browser to not use https.
http://hub.paws-dev.codfw1dev.wmcloud.org/user/VRook_%28WMF%29/lab
Does seem to work (Firefox likes to send it back to https://hub.paws-dev.codfw1dev.wmcloud.org/user/VRook_%28WMF%29/lab)
Comment Actions
Change 879824 had a related patch set uploaded (by Vivian Rook; author: Vivian Rook):
[operations/puppet@production] jupyter referer
Comment Actions
https://gerrit.wikimedia.org/r/c/operations/puppet/+/879824 doesn't seem like the right way to fix this, but it does seem to get it working...