Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 3e4ba61

Browse files
dannykoppingdannykopping
committed
Hard & simplify CORORS handling logic
Signed-off-by: Danny Kopping <[email protected]>
1 parent 94cf49e commit 3e4ba61

File tree

2 files changed

+22
-10
lines changed

2 files changed

+22
-10
lines changed

coderd/httpmw/cors.go

-6
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,6 @@ import (
88
"github.com/go-chi/cors"
99

1010
"github.com/coder/coder/v2/coderd/workspaceapps/appurl"
11-
ws_cors "github.com/coder/coder/v2/coderd/workspaceapps/cors"
1211
)
1312

1413
const (
@@ -48,11 +47,6 @@ func Cors(allowAll bool, origins ...string) func(next http.Handler) http.Handler
4847
func WorkspaceAppCors(regex *regexp.Regexp, app appurl.ApplicationURL) func(next http.Handler) http.Handler {
4948
return cors.Handler(cors.Options{
5049
AllowOriginFunc: func(r *http.Request, rawOrigin string) bool {
51-
// If passthru behavior is set, disable our simplified CORS handling.
52-
if ws_cors.HasBehavior(r.Context(), ws_cors.AppCORSBehaviorPassthru) {
53-
return true
54-
}
55-
5650
origin, err := url.Parse(rawOrigin)
5751
if rawOrigin == "" || origin.Host == "" || err != nil {
5852
return false

coderd/workspaceapps/proxy.go

+22-4
Original file line numberDiff line numberDiff line change
@@ -424,24 +424,42 @@ func (s *Server) HandleSubdomain(middlewares ...func(http.Handler) http.Handler)
424424
return
425425
}
426426

427-
// Use the passed in app middlewares and CORS middleware with the token
428-
mws := chi.Middlewares(append(middlewares, s.injectCORSBehavior(token), httpmw.WorkspaceAppCors(s.HostnameRegex, app)))
427+
// Proxy the request (possibly with the CORS middleware).
428+
mws := chi.Middlewares(append(middlewares, s.determineCORSBehavior(token, app)))
429429
mws.Handler(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
430430
s.proxyWorkspaceApp(rw, r, *token, r.URL.Path, app)
431431
})).ServeHTTP(rw, r.WithContext(ctx))
432432
})
433433
}
434434
}
435435

436-
func (s *Server) injectCORSBehavior(token *SignedToken) func(http.Handler) http.Handler {
436+
// determineCORSBehavior examines the given token and conditionally applies
437+
// CORS middleware if the token specifies that behavior.
438+
func (s *Server) determineCORSBehavior(token *SignedToken, app appurl.ApplicationURL) func(http.Handler) http.Handler {
437439
return func(next http.Handler) http.Handler {
440+
// Create the CORS middleware handler upfront.
441+
corsHandler := httpmw.WorkspaceAppCors(s.HostnameRegex, app)(next)
442+
438443
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
439444
var behavior cors.AppCORSBehavior
440445
if token != nil {
441446
behavior = token.CORSBehavior
442447
}
443448

444-
next.ServeHTTP(rw, r.WithContext(cors.WithBehavior(r.Context(), behavior)))
449+
// Add behavior to context regardless of which handler we use,
450+
// since we will use this later on to determine if we should strip
451+
// CORS headers in the response.
452+
r = r.WithContext(cors.WithBehavior(r.Context(), behavior))
453+
454+
switch behavior {
455+
case cors.AppCORSBehaviorPassthru:
456+
// Bypass the CORS middleware.
457+
next.ServeHTTP(rw, r)
458+
return
459+
default:
460+
// Apply the CORS middleware.
461+
corsHandler.ServeHTTP(rw, r)
462+
}
445463
})
446464
}
447465
}

0 commit comments

Comments
 (0)