From cf321d2e27fbac96a087fd6b20cc8bfc65041774 Mon Sep 17 00:00:00 2001 From: Rollin Thomas Date: Mon, 3 Jun 2024 23:14:29 -0700 Subject: [PATCH 1/2] Add XSRF to form --- jupyterhub_announcement/announcement.py | 1 + jupyterhub_announcement/handlers.py | 1 + templates/index.html | 1 + 3 files changed, 3 insertions(+) diff --git a/jupyterhub_announcement/announcement.py b/jupyterhub_announcement/announcement.py index 12d3010..add135b 100644 --- a/jupyterhub_announcement/announcement.py +++ b/jupyterhub_announcement/announcement.py @@ -149,6 +149,7 @@ def initialize(self, argv=None): "static_path": os.path.join(self.data_files_path, "static"), "static_url_prefix": url_path_join(self.service_prefix, "static/"), "log": self.log, + "xsrf_cookies": True, } self.app = web.Application( diff --git a/jupyterhub_announcement/handlers.py b/jupyterhub_announcement/handlers.py index 79a2b62..d1834cf 100644 --- a/jupyterhub_announcement/handlers.py +++ b/jupyterhub_announcement/handlers.py @@ -46,6 +46,7 @@ def get(self): base_url=prefix, no_spawner_check=True, parsed_scopes=user.get("hub_scopes") or [], + xsrf_form_html=self.xsrf_form_html, ) ) diff --git a/templates/index.html b/templates/index.html index 9799103..d23319c 100644 --- a/templates/index.html +++ b/templates/index.html @@ -15,6 +15,7 @@ {% if user.admin %}
+ {{ xsrf_form_html() | safe }}
From 284603109556bea727e0336e4394b9902e559394 Mon Sep 17 00:00:00 2001 From: Rollin Thomas Date: Wed, 5 Jun 2024 10:21:05 -0700 Subject: [PATCH 2/2] Set version to 0.9.2 --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 32bf0a8..eb6ee1d 100644 --- a/setup.py +++ b/setup.py @@ -16,5 +16,5 @@ name="jupyterhub-announcement", packages=["jupyterhub_announcement"], url="https://github.com/rcthomas/jupyterhub-announcement", - version="1.0.0.dev", + version="0.9.2.dev", )