Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

notebook 5.7.6 breaks pywwt #191

Closed
pkgw opened this issue Mar 28, 2019 · 1 comment
Closed

notebook 5.7.6 breaks pywwt #191

pkgw opened this issue Mar 28, 2019 · 1 comment

Comments

@pkgw
Copy link
Contributor

pkgw commented Mar 28, 2019

As described here, version 5.7.6 of the Jupyter notebook module adds a new security feature related to the HTTP content types. This feature breaks pywwt.

On previous versions, the internal Jupyter server serves the wwt_json_api.js file with the wrong content/MIME type: it bills it as text/html rather than application/javascript. This is only a warning, though — in the Firefox JS developer console, you see:

The script from “http://localhost:8888/wwt/wwt_json_api.js” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.

The new X-Content-Type-Options: nosniff header added in notebook 5.7.6 turns this into a hard error:

The resource from "http://localhost:8888/wwt/wwt_json_api.js" was blocked due to MIME type ("text/html") mismatch

This breaks programmatic control of the widget, basically.

This problem may be fixed in jupyter/notebook#4468? The PR there bills it as only applying to Windows, but looking at the patch, it might help pywwt out too.
pkgw added a commit to pkgw/pywwt that referenced this issue Mar 28, 2019
@pkgw
Fix pywwt on notebook >=5.7.6
f02b554 
Version 5.7.6 of the Jupyter notebook module adds a new security feature
related to the HTTP content types
(jupyter/notebook#4467 (comment)). It
breaks pywwt because pywwt has not been returning valid MIME types (AKA
content types) from its internal Jupyter server.

From looking at the main `notebook` implementation, it seems that the correct
approach is to use the `mimetypes` module to get the right value to put in the
Content-Type header, so let's go ahead and do that.

Closes WorldWideTelescope#191.
@pkgw pkgw mentioned this issue Mar 28, 2019
Merged
@pkgw
Copy link
Contributor Author

pkgw commented Mar 28, 2019

OK, turns out a pywwt fix is required: say hello to #192.

@pkgw pkgw mentioned this issue Apr 1, 2019
Open
pkgw added a commit to pkgw/pywwt that referenced this issue Apr 9, 2019
@pkgw
Fix pywwt on notebook >=5.7.6
d1b9f42 
Version 5.7.6 of the Jupyter notebook module adds a new security feature
related to the HTTP content types
(jupyter/notebook#4467 (comment)). It
breaks pywwt because pywwt has not been returning valid MIME types (AKA
content types) from its internal Jupyter server.

From looking at the main `notebook` implementation, it seems that the correct
approach is to use the `mimetypes` module to get the right value to put in the
Content-Type header, so let's go ahead and do that.

Closes WorldWideTelescope#191.
@pkgw pkgw closed this as completed in #192 Apr 9, 2019
@jsub1 jsub1 mentioned this issue May 15, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pkgw