Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mime type of Javascript inferred incorrectly for Tensorboard #405

Open
whatnick opened this issue Apr 28, 2023 · 4 comments
Open

Mime type of Javascript inferred incorrectly for Tensorboard #405

whatnick opened this issue Apr 28, 2023 · 4 comments
Labels
bug

Comments

@whatnick
Copy link

Bug description

Mime type inference failure for tensorboard javascript file served by application with a query parameter.

Expected behaviour

Tensorboard application running withing Notebook container should load without issues in browsers with the MIME Type verification security feature enabled i.e. resources are not loaded if the browser sniffed MIME type is different from the server advertised mime type.

https://blog.mozilla.org/security/2016/08/26/mitigating-mime-confusion-attacks-in-firefox/

Actual behaviour

JupyterHub proxy fails to infer mimetype of file such as index.js?_file_hash=8b6358c7 as text/javascript

How to reproduce

  • Install tensorboard in jupyterhub with the proxy service running
  • Run tensorboard using tensorboard --logdir training
  • Server starts up on port 6006
  • Visit the server using proxy via path proxy/6006/
  • Tensorboard fails to load with this error
The resource from “[https://<user_hub_path>/proxy/index.js?_file_hash=8b6358c7”](https://<user_hub_path>/proxy/index.js?_file_hash=8b6358c7%E2%80%9D) was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). 6006

Your personal set up

Zero-to-JupyterHub on EKS

  • OS:
    JupyterHub on EKS with Image built from Ubuntu 22.04
  • Version(s):
    JupyterHub : 3.11
    Python : 3.10.6
@whatnick whatnick added the bug label Apr 28, 2023
@welcome
Copy link

welcome bot commented Apr 28, 2023

Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! 🤗

If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other other community members to contribute more effectively.
welcome
You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! 👋

Welcome to the Jupyter community! 🎉

@manics
Copy link
Member

manics commented Apr 28, 2023

jupyter-server-proxy should be proxying everything though. What mimetype header is sent by tensorboard?

@whatnick
Copy link
Author

whatnick commented Apr 28, 2023 via email

@mahendrapaipuri
Copy link

We use tensorboard with JSP and JupyterLab and we didnt see any issues. Which version of tensorboard are you using?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@whatnick @manics @mahendrapaipuri