From ecb70d9af11338e6a21f7dd9b89959e578b94b4f Mon Sep 17 00:00:00 2001 From: Alex Ford Date: Tue, 20 Aug 2019 02:30:13 +0000 Subject: [PATCH 1/3] Add POST request to TensorboardHandler. Add handler for POST requests to TensorboardHandler, providing support for hparams plugin. --- jupyter_tensorboard/handlers.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/jupyter_tensorboard/handlers.py b/jupyter_tensorboard/handlers.py index 982936e..069983f 100644 --- a/jupyter_tensorboard/handlers.py +++ b/jupyter_tensorboard/handlers.py @@ -70,6 +70,27 @@ def get(self, name, path): else: raise web.HTTPError(404) + @web.authenticated + def post(self, name, path): + + if path == "": + uri = self.request.path + "/" + if self.request.query: + uri += "?" + self.request.query + self.redirect(uri, permanent=True) + return + + self.request.path = ( + path if self.request.query + else "%s?%s" % (path, self.request.query)) + + manager = self.settings["tensorboard_manager"] + if name in manager: + tb_app = manager[name].tb_app + WSGIContainer(tb_app)(self.request) + else: + raise web.HTTPError(404) + class TensorboardErrorHandler(IPythonHandler): pass From 5e4f0fc6131bfda4e735f54ed3a5ec53297fd56e Mon Sep 17 00:00:00 2001 From: Alex Ford Date: Tue, 20 Aug 2019 02:30:15 +0000 Subject: [PATCH 2/3] Add xsrf exception to Tensorboard POST requests. Expand xsrf_cookie exceptions, normally only applied to GET and HEAD requests in the IPythonHandler, to POST requests in TensorboardHandler. Provides support for hparams plugin, which uses POST to retrieve experiment information but can't be trivially extended to include xsrf information in these POST requests. Mirrors existing IPythonHandler behavior, falling back to Referer header rather than form parameters. --- jupyter_tensorboard/handlers.py | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/jupyter_tensorboard/handlers.py b/jupyter_tensorboard/handlers.py index 069983f..300f230 100644 --- a/jupyter_tensorboard/handlers.py +++ b/jupyter_tensorboard/handlers.py @@ -91,6 +91,34 @@ def post(self, name, path): else: raise web.HTTPError(404) + def check_xsrf_cookie(self): + """Expand xsrf check exception for POST requests. + + Expand xsrf_cookie exceptions, normally only applied to GET and HEAD + requests, to POST requests for tensorboard api. + + Provides support for hparams plugin, which uses POST to retrieve + experiment information but can't be trivially extended to include xsrf + information in these POST requests. + + """ + + try: + return super(TensorboardHandler, self).check_xsrf_cookie() + except web.HTTPError: + if self.request.method in {"GET", "POST", "HEAD"}: + # Consider Referer a sufficient cross-origin check for GET requests + # Extended to post for Tensorboard API + if not self.check_referer(): + referer = self.request.headers.get("Referer") + if referer: + msg = "Blocking Cross Origin request from {}.".format(referer) + else: + msg = "Blocking request from unknown origin" + raise web.HTTPError(403, msg) + else: + raise + class TensorboardErrorHandler(IPythonHandler): pass From c3c99db750f787082694f0e622150e4dcafcbfcc Mon Sep 17 00:00:00 2001 From: Alex Ford Date: Sun, 25 Aug 2019 09:56:38 -0700 Subject: [PATCH 3/3] Fix line length linting error in handlers.py --- jupyter_tensorboard/handlers.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/jupyter_tensorboard/handlers.py b/jupyter_tensorboard/handlers.py index 300f230..5615bb4 100644 --- a/jupyter_tensorboard/handlers.py +++ b/jupyter_tensorboard/handlers.py @@ -107,12 +107,16 @@ def check_xsrf_cookie(self): return super(TensorboardHandler, self).check_xsrf_cookie() except web.HTTPError: if self.request.method in {"GET", "POST", "HEAD"}: - # Consider Referer a sufficient cross-origin check for GET requests - # Extended to post for Tensorboard API + # Consider Referer a sufficient cross-origin check for GET + # requests, mirrors logic in IPythonHandler.check_xsrf_cookie. + # Extended to POST for Tensorboard API. if not self.check_referer(): referer = self.request.headers.get("Referer") if referer: - msg = "Blocking Cross Origin request from {}.".format(referer) + msg = ( + "Blocking Cross Origin request from {}." + .format(referer) + ) else: msg = "Blocking request from unknown origin" raise web.HTTPError(403, msg)