avoids clobbering cookies when multiple notebook servers are run on one host.
Users can override `cookie_options.path = ‘/‘` if they *want* cookies to be shared across notebooks on one host.
During the deprecation/removal of the `@json_errors` decorator, the
`reason` field was not carried forward into the compatible replacement
method `APIHandler.write_error`. This broke some client (tests) that
relied on that field's presence.
Fixes#2957.
we already apply this logic in our server-side checks,
but browsers check `Access-Control-Allow-Origin` headers themselves as well,
meaning that token-authenticated requests can’t be made cross-origin without CORS headers from browsers,
only scripts.
This makes default browser and server-side origin checks consistent
get_current_user is called in a few places that really shouldn’t raise
move the raising to `get_login_url`, which is called in `@web.authenticated`,
where we want to replace redirect logic with 403.
* provide some top level comments
* implement buffering of messages on last dropped connection
- buffer is per-kernel
- session_key is stored because only a single session can resume the buffer and we can't be sure
- on any new connection to a kernel, buffer is flushed.
If session_key matches, it is replayed.
Otherwise, it is discarded.
- buffer is an unbounded list for now
* restore actual zmq channels when resuming connection
rather than establishing new connections
fixes failure to resume shell channel
* hookup restart callbacks in open
instead of in `create_stream`, which is not called on reconnect
* improve handling of restored connections in js
- dismiss 'connection lost' dialog on reconnect
- set busy status on reconnect (if not busy, idle will come soon after via kernel_ready)
* ...
* ...
* ...
* add translated files in Chinese.
* Remove compiled message files
* Consolidate translations into one set of files
* Rename .pot files to .po
* Add zh-CN to list of supported languages
* Ignore compiled .mo files
* Revert a couple of unimportant changes
