Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixes for templates, add support for tornado settings #69

Merged
merged 1 commit into from
Mar 27, 2019
Merged

Fixes for templates, add support for tornado settings #69

merged 1 commit into from
Mar 27, 2019

Conversation

timkpaine
Copy link
Member

@timkpaine timkpaine commented Feb 20, 2019

As an example, embed voila in an iframe and set

v = Voila()
v.tornado_settings = {'headers': {'Content-Security-Policy': "frame-ancestors 'self' localhost:*"}}

@maartenbreddels
Copy link
Member

Hi Tim,

looking good, the template_name workaround should not have been necessary, it actually exposes a bug. We can consider it a workaround and keep it in for now.
Could you rename extra_tornado_settings to tornado_settings so it is consistent with the classical notebook?

@timkpaine
Copy link
Member Author

moved the CSP stuff to a standalone PR in #89

@timkpaine timkpaine changed the title Fixes for templates, adding CSP endpoint for iframe embedding Fixes for templates Mar 26, 2019
…nado settings for embeding voila in iframes/mixed origin

github's merge was bad
@timkpaine timkpaine changed the title Fixes for templates Fixes for templates, add support for tornado settings Mar 26, 2019
@timkpaine
Copy link
Member Author

@maartenbreddels rebased so it should be cleaner to see

@maartenbreddels
Copy link
Member

Looks good tim! Thanks.
I had some issue testing this from the command line due to nested quotes, the magic line (for bash/zsh) is:

voila notebooks/basics.ipynb --autoreload=True --Voila.tornado_settings=$'{"headers":{"Content-Security-Policy":"frame-ancestors \'*\' localhost:*; report-uri /api/security/csp-report" }}'

For further reference, this is needed if you want to tell a browser it is ok that voila is rendered in an iframe from a different domain (its parent), otherwise they will not allow it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants