Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Uniquely name coder cookies that get stripped for applications #3751

New issue
New issue
Closed
#3786
Closed
Uniquely name coder cookies that get stripped for applications#3751
#3786
Labels
apiArea: HTTP API
@Emyrk

Description

@Emyrk
Emyrk
opened on Aug 30, 2022

Our cookie is named session_token which is quite generic. We strip this when forwarding application traffic, meaning any application hosted cannot use this cookie. I suggest we prefix all our cookies with coder_ to deconflict anything in future.

Cookie names:

coder/codersdk/client.go

Lines 23 to 25 in 3e30cdd

SessionTokenKey = "session_token"
OAuth2StateKey = "oauth_state"
OAuth2RedirectKey = "oauth_redirect"

Cookie Strip:

coder/coderd/workspaceapps.go

Line 143 in 3e30cdd

r.Header.Add("Cookie", httpapi.StripCoderCookies(cookieHeader))

Metadata

Metadata

Assignees

No one assigned

    Labels

    apiArea: HTTP API

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions