Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix: avoid redirect loop on workspace proxies #9389

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Aug 29, 2023
Merged

fix: avoid redirect loop on workspace proxies #9389

merged 5 commits into from
Aug 29, 2023

Conversation

deansheather
Copy link
Member

@deansheather deansheather commented Aug 28, 2023
edited by Emyrk
Loading

Changes the old coder_devurl_session_token cookie to be two new cookies: coder_path_app_session_token and coder_subdomain_app_session_token. This avoids cases where the cookie for both europe.dev.coder.com and .europe.dev.coder.com are both sent to Coder, but we can only set europe.dev.coder.com on path apps.

Changes the signed app token generating and comparing code to always append / to the base path to avoid generating two signed tokens when redirecting from /@user/workspace/apps/app to /@user/workspace/apps/app/ (trailing slash redirect).

We will also now try to validate up to 4 signed app token cookies in the request in case multiple cookies are specified by the browser. Browsers will send all cookies with the same name but different paths, not only a single one with the most specific path.

TODO:

  • Test manually in a browser
  • Add tests for not being able to use the incorrect cookie on the wrong access method
  • Add tests for supplying multiple signed app token cookies in a request and them all being tried (up to 4)

Closes #9109

Emyrk
Emyrk reviewed Aug 28, 2023
View reviewed changes
coderd/workspaceapps/request.go
Comment on lines +106 to +109
if !strings.HasSuffix(req.BasePath, "/") {
req.BasePath += "/"
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doing it here 👍

@Emyrk
Copy link
Member

Emyrk commented Aug 28, 2023

Veried on a local deployment and path based apps.

Emyrk
Emyrk approved these changes Aug 29, 2023
View reviewed changes
Copy link
Member

@Emyrk Emyrk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just added tests to @deansheather's PR 👍

@Emyrk Emyrk merged commit 5993f85 into main Aug 29, 2023
@Emyrk Emyrk deleted the dean/fix-app-redirect-loop branch August 29, 2023 01:34
@github-actions github-actions bot locked and limited conversation to collaborators Aug 29, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Emyrk Emyrk Emyrk approved these changes

Assignees

@deansheather deansheather

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Blank screen when accessing code-server
2 participants
@deansheather @Emyrk