These are chat archives for ipython/ipython

9th
Dec 2014
Scott Sanderson
@ssanderson
Dec 09 2014 00:04
@minrk thanks. Would you object if I threw up a PR for some lightweight output validation in the ContentsManager base?
specifically, I'd just want to verify that a minimal set of keys are present in the return values for get, save, and update
even if it doesn't get accepted it would probably be a useful exercise for me to make sure I understand what's happening
Min RK
@minrk
Dec 09 2014 01:04
@ssanderson Yeah, that would be great. Simple checks should be helpful.
Scott Sanderson
@ssanderson
Dec 09 2014 01:09
the other thing I'm unsure of from reading the code base and docs is when None/unspecified is an acceptable input for type_ in get
Min RK
@minrk
Dec 09 2014 01:13
Okay, we can clarify that
in requests, all arguments are optional except PATH
requesting a specific type basically lets you force a server-side error
e.g. the text editor only understands files as text - if it's not text, it shouldn't have to download the base64 data to the client just to fail. It lets the failure happen earlier.
specifying type or format is equivalent to "give me this in the given type/format, or don't give me anything at all"
But those args are never required
Scott Sanderson
@ssanderson
Dec 09 2014 01:18
Gotcha
Matthias Bussonnier
@Carreau
Dec 09 2014 08:01
@jdfreder non I was not. Can I do something for you ?
Jason Grout
@jasongrout
Dec 09 2014 15:40
@jdfreder: where are you in the widget padding issue? The issue we had a while ago is that all widget boxes had a 5px margin. This was bad when you tried to nest deeply---way too much whitespace.
Dave Hirschfeld
@dhirschfeld
Dec 09 2014 16:32
Updating to the latest master I can no longer view my notebook page when embedded in an iframe. In the log I see a content security violation - "violated-directive":"frame-ancestors ..." Is there something new I need to do to allow embedding in an iframe?
My webapp_settings are currently:
c.NotebookApp.webapp_settings = {'headers': {'X-Frame-Options': ''}}
Jonathan Frederic
@jdfreder
Dec 09 2014 17:00
@Carreau I just wanted to talk about the jsdoc stuff. But I ended up summarizing it in the pull request
Matthias Bussonnier
@Carreau
Dec 09 2014 17:01
Ok.
Jonathan Frederic
@jdfreder
Dec 09 2014 17:01
@jasongrout , I opened a pr for it, but I'm on my phone right now so I can't lookup the number for you
Matthias Bussonnier
@Carreau
Dec 09 2014 17:01
That's a bummer for jsdoc.
Jonathan Frederic
@jdfreder
Dec 09 2014 17:02
I
Matthias Bussonnier
@Carreau
Dec 09 2014 17:02
@dhirschfeld you should Use CSP, X-Frame-Option was broken by design IIRC : ipython/ipython#7016
Kyle Kelley
@rgbkrk
Dec 09 2014 17:28
@dhirschfeld :) My PR was merged since we last talked about that
@dhirschfeld You have a lot of choices here now
Either the really wide open no security protection mode
c.NotebookApp.tornado_settings = {
    'headers': {
        'Content-Security-Policy': ""
    }
}
Or you can set a domain for the iframing.
By default, we don't want an arbitrary site on the internet to be able to put up <iframe src="127.0.0.1:8888"></iframe> and trick anyone into showing their kernel list or other details
Kyle Kelley
@rgbkrk
Dec 09 2014 17:35
To use the iframe embedding prevention on your own domain, you would need to set the Content Security Policy (CSP) on that domain for frame-src, e.g. frame-src *.example.org
This would allow any subdomain of example.org to embed your notebook in an iframe
(but not example.org)
Fernando Perez
@fperez
Dec 09 2014 19:07
@rgbkrk are you around?
just wanted to do the dns fix with you at the other end of the line to confirm...
no rush
Kyle Kelley
@rgbkrk
Dec 09 2014 19:09
@fperez yeah, I'm here
Want me to call?
Kyle Kelley
@rgbkrk
Dec 09 2014 20:01
Now that we're on CloudFlare, look what works
(default is still http though)
Jason Grout
@jasongrout
Dec 09 2014 20:19
https://nbviewer.ipython.org/ returns "This webpage is not available" :)
Thomas Kluyver
@takluyver
Dec 09 2014 20:23
'Unable to establish a connection' here
Kyle Kelley
@rgbkrk
Dec 09 2014 20:26
hmmm yeah
Min RK
@minrk
Dec 09 2014 20:26
Kyle Kelley
@rgbkrk
Dec 09 2014 20:26
no, I do mean with ssl
seems like it sometimes works, sometimes not
Min RK
@minrk
Dec 09 2014 20:26
yeah, with ssl, but on jupyter.org, not ipython.org
Kyle Kelley
@rgbkrk
Dec 09 2014 20:26
CloudFlare just configured certs for ipython.org just now
it will take a bit to propagate I imagine
I ran into this when I migrated https://lambdaops.com
I shouldn't have announced so early in here
:P
2014-12-09 14.18.25.jpg
I'm busy being a kangaroo at the moment
Thomas Kluyver
@takluyver
Dec 09 2014 20:31
@ellisonbg @jdfreder @rgbkrk - does anyone want to review Min's text editor improvements, #7128, any more? If you're happy, I'm going to merge it.
Jonathan Frederic
@jdfreder
Dec 09 2014 20:33
I'm ok with it being merged, I haven't had a chance to read through it yet though
I'm looking at it now
Am I the only one who sees "this" highlighted in red now? Did GH change their color scheme?
Or did I turn on some weird setting
It's annoying
Thomas Kluyver
@takluyver
Dec 09 2014 20:34
Github is now highlighting diffs, I believe
before the diff was unhighlighted
Jonathan Frederic
@jdfreder
Dec 09 2014 20:34
"this." highlighted in red (or maybe it's orange, hard to tell on this monitor) makes me think it's deleted everywhere
or conflicting
they should have used purple or something
or blink tags
Kyle Kelley
@rgbkrk
Dec 09 2014 20:35
<marquee> Marquee is best </marquee>
Darn, I had hoped gitter wasn't sanitizing
Jonathan Frederic
@jdfreder
Dec 09 2014 20:36
<marquee><h1><blink>this.</blink></h1></marquee>
lol
sad day, need FF<23 to use blink
at least marquee still works...
Jonathan Frederic
@jdfreder
Dec 09 2014 20:46
I'm sorry
I couldn't resist
Thomas Kluyver
@takluyver
Dec 09 2014 20:49
well done
Min RK
@minrk
Dec 09 2014 20:51
erm, so, obviously GitHub should be using solarized for their code highlighting
Kyle Kelley
@rgbkrk
Dec 09 2014 21:03
oh god I see the syntax highlighting now
Jonathan Frederic
@jdfreder
Dec 09 2014 21:35
@takluyver I +1'ed it if you still want to click the button
@rgbkrk nice kangaroo pic