From 55e4c2ec61257561990bee3dda2129e6b5642f38 Mon Sep 17 00:00:00 2001 From: Steven Masley Date: Tue, 15 Apr 2025 19:38:13 -0500 Subject: [PATCH 1/4] chore: disable authz-header in all builds Header payload being large is causing some issues in dev builds. Another method of opting in needs to be determined --- coderd/coderd.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/coderd/coderd.go b/coderd/coderd.go index d8e9d96ff7106..2053db6757180 100644 --- a/coderd/coderd.go +++ b/coderd/coderd.go @@ -465,7 +465,14 @@ func New(options *Options) *API { // We add this middleware early, to make sure that authorization checks made // by other middleware get recorded. if buildinfo.IsDev() { - r.Use(httpmw.RecordAuthzChecks) + // TODO: Find another solution to opt into these checks. + // If the header grows too large, it breaks `fetch()` requests. + // Temporarily disabling this until we can find a better solution. + // One idea is to include checking the request for `X-Authz-Record=true` + // header. To opt in on a per-request basis. + // Some authz calls (like filtering lists) might be able to be + // summarized better to condense the header payload. + //r.Use(httpmw.RecordAuthzChecks) } ctx, cancel := context.WithCancel(context.Background()) From bffabc58da08c636fde1a6776a11a38344202eaf Mon Sep 17 00:00:00 2001 From: Steven Masley Date: Tue, 15 Apr 2025 19:42:27 -0500 Subject: [PATCH 2/4] linting --- coderd/coderd.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/coderd/coderd.go b/coderd/coderd.go index 2053db6757180..8b09ca28982df 100644 --- a/coderd/coderd.go +++ b/coderd/coderd.go @@ -472,7 +472,7 @@ func New(options *Options) *API { // header. To opt in on a per-request basis. // Some authz calls (like filtering lists) might be able to be // summarized better to condense the header payload. - //r.Use(httpmw.RecordAuthzChecks) + // r.Use(httpmw.RecordAuthzChecks) } ctx, cancel := context.WithCancel(context.Background()) From 1bb1c9254f864e7216f1f37dd9f61b74e7eef722 Mon Sep 17 00:00:00 2001 From: Steven Masley Date: Tue, 15 Apr 2025 19:43:24 -0500 Subject: [PATCH 3/4] linting --- coderd/coderd.go | 1 + 1 file changed, 1 insertion(+) diff --git a/coderd/coderd.go b/coderd/coderd.go index 8b09ca28982df..6d09998efa7ca 100644 --- a/coderd/coderd.go +++ b/coderd/coderd.go @@ -464,6 +464,7 @@ func New(options *Options) *API { r := chi.NewRouter() // We add this middleware early, to make sure that authorization checks made // by other middleware get recorded. + //nolint:revive // This block will be re-enabled, not going to remove it if buildinfo.IsDev() { // TODO: Find another solution to opt into these checks. // If the header grows too large, it breaks `fetch()` requests. From 30ba8ea6be262fd08e1ecb8bcd52ca9992bb25d8 Mon Sep 17 00:00:00 2001 From: Steven Masley Date: Tue, 15 Apr 2025 20:10:18 -0500 Subject: [PATCH 4/4] more linters doing the same thing --- coderd/coderd.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/coderd/coderd.go b/coderd/coderd.go index 6d09998efa7ca..72ebce81120fa 100644 --- a/coderd/coderd.go +++ b/coderd/coderd.go @@ -464,7 +464,7 @@ func New(options *Options) *API { r := chi.NewRouter() // We add this middleware early, to make sure that authorization checks made // by other middleware get recorded. - //nolint:revive // This block will be re-enabled, not going to remove it + //nolint:revive,staticcheck // This block will be re-enabled, not going to remove it if buildinfo.IsDev() { // TODO: Find another solution to opt into these checks. // If the header grows too large, it breaks `fetch()` requests.