Can't create Notebooks from web app when port-forwarding ISTIO gateway

[kimwnasptd]

/kind bug

What steps did you take and what happened:

1. Port forward the Istio ingress gateway and access Kubeflow over localhost
2. Navigate the the Notebooks Management UI
3. Click LAUNCH in the form and try to spawn a Notebook

After this I got an error due to CSRF header missing in the POST request.

What did you expect to happen:
I would expect the app to be able to work, if accessed over localhost.

Anything else you would like to add:
This is because right now we always use Secure attribute when setting the CSRF cookie. This means that the cookie will not be set in the browser, if the request happens over http.

Here's also the relevant MDN info:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#Secure

Note: Insecure sites (http:) can't set cookies with the Secure attribute (since Chrome 52 and Firefox 52).

cc @yanniszark @elikatsis

[kimwnasptd]

I can create a small PR that will introduce an APP_SECURE_COOKIES env variable that will control whether our apps should use Secure cookies or not. This will allow people to make the apps work even if exposed over http with a simple change in the manifests.

/assign @kimwnasptd

[saumilsdk]

Here is how I did the fix in KF 1.4 and K8 1.21

[tiansiyuan]

Same issue with KF 1.8.

kubeflow/manifests#2569

And same with another installation, KF 1.8 on Microk8s 1.24 on a Google cloud VM (Ubuntu 22.04.4 LTS).

[tiansiyuan]

Here is how I did the fix in KF 1.4 and K8 1.21

Thanks. This works for me.