Notebook: [docs] Setting up CSP for embedding notebook (eg: in iframe)

please indicate which exact setting you used, and on which domain you are trying to host ?

It seem like you are trying to host on port 9191 and only allowing 9999.

Thanks @Carreau
Actually i am try on my local box for testing after that I will deploy on AWS EC2 node.
I have added these setting into /home/sky/.jupyter/jupyter_notebook_config.py file:

c.NotebookApp.port = 9999

c.NotebookApp.ip = '192.168.2.115'

c.NotebookApp.tornado_settings = { 'headers': { 'Content-Security-Policy': "frame-ancestors 'self' https://192.168.2.115:9999/" } }

"frame-ancestors 'self' https://192.168.2.115:9999/"

That's redundant, if the notebook port and app are 192.168.2.115 and 9999 self is 192.168.2.115:9999, what you want to put there is the website you would be embedding into.

yes, suppose my website URL is ec2-xx-xx-xxx-xx.compute-1.amazonaws.com and port is 9999.
So what would be configuration setting ?

Depends, let's say I have a notebook server that runs on ec2, and that i want to embed a notebook on https://blog.jupyter.org, it would likely look like:

c.NotebookApp.tornado_settings = { 'headers': { 'Content-Security-Policy': "frame-ancestors 'self' https://blog.jupyter.org/" } }

But I'm not an expert on that.

There seem to be an example in old docs that seem to be missing on new one.

Renamed issue to remind us to write better documentation on that, or make it easier to find.

Thank you very much @Carreau. It is working fine now.

@Carreau When creating a new notebook it will open into new browser(or new tab). Is this possible it will open in same browser(same tab) ?

Hum, likely yes, you need to inject JS (through custom.js) and change the value of require('base/js/namespace')._target which by default is _blank to one of the supported value that suit you the most.

@carreau Thanks for tagging this for documentation review :+1:

Hello @Carreau

I am trying something like:
Created file ~/.jupyter/static/custom/custom.js

require(['/tree/js/notebooklist'], function(notebookList){

NotebookList.prototype = function(notebook){
  notebook.open("", "_self")
}

})

added path into jupyter_notebook_config.py

c.NotebookApp.extra_static_paths = ["static/custom/custom.js"]

But it didn't work. Any idea what is wrong here ?

That's definitively not the right way to do it, but it works:
Better would be to write an extension for /tree/ and enable it in the config.

~ $ cat ~/.jupyter/custom/custom.js
define(['base/js/namespace'], function(Jupyter){
    Jupyter._target = '_self';
})

@Carreau : Yes definitively, I was wrong. Now it is working. Thank you so much for your help.
Now I am going to close this issue.

Reopening to fix docs.

@Carreau I used this setting to get the notebook login page to show up on an iframe on socrates-login1/jupyter

c.JupyterHub.tornado_settings = {'headers': {'Content-Security-Policy': "frame-ancestors 'self' http://socrates-login1/"} }

And it works for the login page. But once the logged in I get the same error for the user profile pages.

Refused to display 'http://socrates-login1:7800/user/psplinter/tree' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".

Do I need to set this for each user?
Here is how I'm running juptyerhub

source /opt/cray/anaconda3/bin/activate /opt/cray/jupyter/python3_venv
module load /opt/modulefiles/python/python3
/opt/cray/jupyter/python3_venv/bin/jupyterhub --no-ssl -f /etc/jupyterhub/jupyterhub_config.py &

I faced the same issue and was debugging since 2 days. Finally this post saved me!
Thanks guys for this article.
Cheers!

@Carreau after creating the custom.js, how did you specify your jupyter to use this file ? I create the custom.js in the forlder ~/.jupyter/custom/custom.js, restart my docker image, but nothing happened. Still have my notebook in a new tab.

I guess the docs still need updating?