diff --git a/jupyter_server/serverapp.py b/jupyter_server/serverapp.py index 9335f239c3..6cb41d579d 100755 --- a/jupyter_server/serverapp.py +++ b/jupyter_server/serverapp.py @@ -879,6 +879,22 @@ def _default_allow_remote(self): else: return not addr.is_loopback + use_redirect_file = Bool(True, config=True, + help="""Disable launching browser by redirect file + For versions of notebook > 5.7.2, a security feature measure was added that + prevented the authentication token used to launch the browser from being visible. + This feature makes it difficult for other users on a multi-user system from + running code in your Jupyter session as you. + However, some environments (like Windows Subsystem for Linux (WSL) and Chromebooks), + launching a browser using a redirect file can lead the browser failing to load. + This is because of the difference in file structures/paths between the runtime and + the browser. + + Disabling this setting to False will disable this behavior, allowing the browser + to launch by using a URL and visible token (as before). + """ + ) + local_hostnames = List(Unicode(), ['localhost'], config=True, help="""Hostnames to allow as local when allow_remote_access is False. @@ -1761,6 +1777,12 @@ def launch_browser(self): if not browser: return + if not self.use_redirect_file: + uri = self.default_url[len(self.base_url):] + + if self.token: + uri = url_concat(uri, {'token': self.token}) + if self.file_to_run: if not os.path.exists(self.file_to_run): self.log.critical(_("%s does not exist") % self.file_to_run) @@ -1776,9 +1798,12 @@ def launch_browser(self): else: open_file = self.browser_open_file - b = lambda: browser.open( - urljoin('file:', pathname2url(open_file)), - new=self.webbrowser_open_new) + if self.use_redirect_file: + assembled_url = urljoin('file:', pathname2url(open_file)) + else: + assembled_url = url_path_join(self.connection_url, uri) + + b = lambda: browser.open(assembled_url, new=self.webbrowser_open_new) threading.Thread(target=b).start() def start_app(self):