1. Failure to start a workspace, with CORS error
1.a. Applies to 'streamlit' only
1.b. Content Security Policy, x-frame-options
2. JupyterLab issues with XSRF
These are not detailed or complete list of issues that may occur. Please contact the Domino Support Team for additional assistance if your problem is different!
1.a. Streamlit takes this parameter:
1.b. Added to Domino 4.1.9, Feature Flag: ShortLived.iFrameSecurityEnabled
2. Add the following parameter to workspace file /home/ubuntu/.jupyter/jupyter_notebook_config.py
"c.NotebookApp.disable_check_xsrf = True" (preRun script or RUN through the Dockerfile/Environment file)
1. CORS can be affected in any Domino version, as the backend services and frontend/LB could disagree on server names this becomes prominent.
1.b. Applies to Domino 4.1.9 and up to Domino 5.
2. Known to affect 4.1+
CORS - Cross Origin Resource Sharing - is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.
CSRF - Cross-site request forgery, also known as XSRF, Sea Surf or Session Riding, is an attack vector that tricks a web browser into executing an unwanted action in an application to which a user is logged in.