improvements (PR #3368) • Set notebook to dirty state after change to kernel metadata (PR #3350) • Use CSP header to treat served files as belonging to a separate origin (PR #3341) • Don’t install gettext ‘No proxy for’ field. 9.5.2 Content-Security-Policy (CSP) Certain security guidelines recommend that servers use a Content-Security-Policy (CSP) header to prevent cross-site scripting vulnerabilities communication). Jupyter uses WebSockets for interacting with kernels, so when you visit a server with such a CSP, your browser will block attempts to use wss, which will cause you to see “Connection failed” messages

improvements (PR #3368) • Set notebook to dirty state after change to kernel metadata (PR #3350) • Use CSP header to treat served files as belonging to a separate origin (PR #3341) • Don’t install gettext ‘No proxy for’ field. 9.5.2 Content-Security-Policy (CSP) Certain security guidelines recommend that servers use a Content-Security-Policy (CSP) header to prevent cross-site scripting vulnerabilities communication). Jupyter uses WebSockets for interacting with kernels, so when you visit a server with such a CSP, your browser will block attempts to use wss, which will cause you to see “Connection failed” messages

improvements (PR #3368) • Set notebook to dirty state after change to kernel metadata (PR #3350) • Use CSP header to treat served files as belonging to a separate origin (PR #3341) • Don’t install gettext ‘No proxy for’ field. 9.5.2 Content-Security-Policy (CSP) Certain security guidelines recommend that servers use a Content-Security-Policy (CSP) header to prevent cross-site scripting vulnerabilities communication). Jupyter uses WebSockets for interacting with kernels, so when you visit a server with such a CSP, your browser will block attempts to use wss, which will cause you to see “Connection failed” messages

improvements (PR #3368) • Set notebook to dirty state after change to kernel metadata (PR #3350) • Use CSP header to treat served files as belonging to a separate origin (PR #3341) • Don’t install gettext ‘No proxy for’ field. 9.5.2 Content-Security-Policy (CSP) Certain security guidelines recommend that servers use a Content-Security-Policy (CSP) header to prevent cross-site scripting vulnerabilities communication). Jupyter uses WebSockets for interacting with kernels, so when you visit a server with such a CSP, your browser will block attempts to use wss, which will cause you to see “Connection failed” messages

improvements (PR #3368) • Set notebook to dirty state after change to kernel metadata (PR #3350) • Use CSP header to treat served files as belonging to a separate origin (PR #3341) • Don’t install gettext ‘No proxy for’ field. 9.5.2 Content-Security-Policy (CSP) Certain security guidelines recommend that servers use a Content-Security-Policy (CSP) header to prevent cross-site scripting vulnerabilities communication). Jupyter uses WebSockets for interacting with kernels, so when you visit a server with such a CSP, your browser will block attempts to use wss, which will cause you to see “Connection failed” messages

improvements (PR #3368) • Set notebook to dirty state after change to kernel metadata (PR #3350) • Use CSP header to treat served files as belonging to a separate origin (PR #3341) • Don’t install gettext ‘No proxy for’ field. 9.5.2 Content-Security-Policy (CSP) Certain security guidelines recommend that servers use a Content-Security-Policy (CSP) header to prevent cross-site scripting vulnerabilities communication). Jupyter uses WebSockets for interacting with kernels, so when you visit a server with such a CSP, your browser will block attempts to use wss, which will cause you to see “Connection failed” messages

improvements (PR #3368) • Set notebook to dirty state after change to kernel metadata (PR #3350) • Use CSP header to treat served files as belonging to a separate origin (PR #3341) • Don’t install gettext ‘No proxy for’ field. 9.5.2 Content-Security-Policy (CSP) Certain security guidelines recommend that servers use a Content-Security-Policy (CSP) header to prevent cross-site scripting vulnerabilities communication). Jupyter uses WebSockets for interacting with kernels, so when you visit a server with such a CSP, your browser will block attempts to use wss, which will cause you to see “Connection failed” messages

state after change to kernel metadata (PR #3350 [https://github.com/jupyter/notebook/pull/3350/]) Use CSP header to treat served files as belonging to a separate origin (PR #3341 [https://github.com/jupy Content-Security-Policy (CSP) Certain security guidelines [https://infosec.mozilla.org/guidelines/web_security.html#content-security- policy] recommend that servers use a Content-Security-Policy (CSP) header to prevent communication). Jupyter uses WebSockets for interacting with kernels, so when you visit a server with such a CSP, your browser will block attempts to use wss, which will cause you to see “Connection failed” messages

state after change to kernel metadata (PR #3350 [https://github.com/jupyter/notebook/pull/3350/]) Use CSP header to treat served files as belonging to a separate origin (PR #3341 [https://github.com/jupy Content-Security-Policy (CSP) Certain security guidelines [https://infosec.mozilla.org/guidelines/web_security.html#content-security- policy] recommend that servers use a Content-Security-Policy (CSP) header to prevent communication). Jupyter uses WebSockets for interacting with kernels, so when you visit a server with such a CSP, your browser will block attempts to use wss, which will cause you to see “Connection failed” messages

state after change to kernel metadata (PR #3350 [https://github.com/jupyter/notebook/pull/3350/]) Use CSP header to treat served files as belonging to a separate origin (PR #3341 [https://github.com/jupy Content-Security-Policy (CSP) Certain security guidelines [https://infosec.mozilla.org/guidelines/web_security.html#content-security- policy] recommend that servers use a Content-Security-Policy (CSP) header to prevent communication). Jupyter uses WebSockets for interacting with kernels, so when you visit a server with such a CSP, your browser will block attempts to use wss, which will cause you to see “Connection failed” messages