I to am struggling with this, trying to run rstudio server without using a container or proot. I have the server starting ok, but can’t get this token thing to work at all. Trying to follwo the timeline above and get everything in the right place I have:
view.html.erb:
<script>
document.cookie = "csrf-token=<%= csrf_token %>; path=/rnode/<%= host %>/<%= port %>; secure";
</script>
<form action="/rnode/<%= host %>/<%= port %>/auth-do-sign-in" method="post" target="_blank">
<input type="hidden" name="username" value="<%= ENV["USER"] %>">
<input type="hidden" name="password" value="<%= password %>">
<input type="hidden" name="staySignedIn" value="1">
<input type="hidden" name="appUri" value="">
<input type="hidden" name="csrf-token" value="<%= csrf_token %>"/>
<button class="btn btn-primary" type="submit">
<i class="fa fa-registered"></i> Connect to RStudio Server
</button>
</form>
submit.yml:
conn_params:
- csrf_token
and before.sh.erb:
<%-
require 'securerandom'
csrftoken = SecureRandom.uuid
-%>
export csrf_token="<%= csrftoken %>"
As noted, the server starts fine but when I view the source of the launch bit in firefox developer tools it shows the hidden csrf-token with value="" and auth to the rstudio-server instance fails. What bits am I missing here?