403 Forbidden on Jupyter notebooks after updating from 13.0.0 to 13.0.3

Hello,
I'm using a custom installed dataiku, on debian 11, free license (with advanced features trial).
I'm getting "403 Forbbiden" when opening jupyter notebooks after updating from 13.0.0 to 13.0.3.
I've noticed that I don't get them when connecting to the Dataiku instance directly from my home network, only when doing through the home proxy (nginx) that allows external access.
I've noticed that you introduced a new permissions check in 13.0.1 ( https://doc.dataiku.com/dss/latest/security/advisories/dsa-2024-005.html ) that could be the cause for this.
My guess is that i should add something to my nginx configuration to work together with your fix, but I have no clue what it is. This is my current nginx configuration that allows websockets to work seamlessly from outside my home network:
location / { proxy_pass http://192.168.2.24:10000/; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Allows websockets proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; }
Could you help ? thanks !
Operating system used: Debian 11
Best Answer
-
Finally figured it out. My Nginx configuration adds web basic authentication (to add an extra layer of security) and the "Authorization" header that the browser generates to authenticate, when forwarded to the jupyter notebook URLS, triggers the "forbidden" message.
Adding this line to the nginx configuration fixed the problem for me:
proxy_set_header Authorization "";
This removes the "Authorization" HTTP header before proxying the request to Dataiku, and the problem dissapears. This header is only used by nginx and it's not needed by Dataiku, it's not removing any authentication needed by Dataiku.
Answers
-
Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023, Circle Member Posts: 2,591 Neuron
There are some sample nginx reverse proxy configuration snippets in the documentation:
https://doc.dataiku.com/dss/latest/installation/custom/reverse-proxy.html
-
Thanks for pointing that out, I've just tried the suggested configuration and still didn't work.
-
Still happens in 13.1.3 , I've noticed it only happens with reversed HTTPS connections, HTTP works fine.
Tried both Nginx and Apache2