Misc

src/standalone/userJupyterServer/jupyterPasswordConnect.ts

@@ -98,13 +98,13 @@ export class JupyterPasswordConnect implements IJupyterPasswordConnect {
         let xsrfCookie: string | undefined;
         let sessionCookieName: string | undefined;
         let sessionCookieValue: string | undefined;
-
+        let requiresPassword = false;
         // First determine if we need a password. A request for the base URL with /tree? should return a 302 if we do.
         const needsPassword = await this.needPassword(url);
         if (needsPassword || isTokenEmpty) {
             // Get password first
-            let userPassword = needsPassword ? await this.getUserPassword(url, displayName) : '';
-
+            const userPassword = needsPassword ? await this.getUserPassword(url, displayName) : '';
+            requiresPassword = (userPassword || '').length > 0;
             // If we do not have a password, but token is empty, then generate an xsrf token with session cookie
             if (userPassword || isTokenEmpty) {
                 xsrfCookie = await this.getXSRFToken(url, '');
@@ -127,7 +127,6 @@ export class JupyterPasswordConnect implements IJupyterPasswordConnect {
                 // like a standard connection. Might be the case where there is no token and no password
                 return;
             }
-            userPassword = undefined;
         } else {
             // If no password needed, act like empty password and no cookie
             return;
@@ -139,7 +138,7 @@ export class JupyterPasswordConnect implements IJupyterPasswordConnect {
             sendTelemetryEvent(Telemetry.GetPasswordSuccess);
             const cookieString = `_xsrf=${xsrfCookie}; ${sessionCookieName}=${sessionCookieValue || ''}`;
             const requestHeaders = { Cookie: cookieString, 'X-XSRFToken': xsrfCookie };
-            return { requestHeaders };
+            return { requestHeaders, requiresPassword };
         } else {
             sendTelemetryEvent(Telemetry.GetPasswordFailure);
             return;

src/standalone/userJupyterServer/types.ts

@@ -4,6 +4,7 @@
 import { JupyterServerProviderHandle } from '../../kernels/jupyter/types';
 
 export interface IJupyterPasswordConnectInfo {
+    requiresPassword: boolean;
     requestHeaders?: Record<string, string>;
     remappedBaseUrl?: string;
     remappedToken?: string;

src/standalone/userJupyterServer/userServerUrlProvider.ts

@@ -192,11 +192,10 @@ export class UserJupyterServerUrlProvider
                         jupyterServerUri.authorizationHeader = result?.requestHeaders;
                     }
 
-                    // If we have auth headers info, and this is HTTP, then this means we have a password.
-                    // If on the other hand we do not have any auth header information & there is no token & no password, & this is HTTP then this is an insecure server
+                    // If we do not have any auth header information & there is no token & no password, & this is HTTP then this is an insecure server
                     // & we need to ask the user for consent to use this insecure server.
                     if (
-                        !result &&
+                        (!result || !result.requiresPassword) &&
                         jupyterServerUri.token.length === 0 &&
                         new URL(jupyterServerUri.baseUrl).protocol.toLowerCase() === 'http'
                     ) {