- Notifications
You must be signed in to change notification settings - Fork914
docs: add section about how to disable path based apps to security best practices#18419
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
base:main
Are you sure you want to change the base?
Conversation
| @@ -60,6 +60,8 @@ If you are providing TLS certificates directly to the Coder server, either | |||
| options (these both take a comma separated list of files; list certificates | |||
| and their respective keys in the same order). | |||
| After you enable a wildcard sub-domain, [disable path-based apps](../../tutorials/best-practices/security-best-practices.md#disable-path-based-apps). | |||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
"After you configure the wildcard access URL, we recommend disabling path-based apps for security."
| @@ -66,6 +66,31 @@ logs (which have `msg: audit_log`) and retain them for a minimum of two years | |||
| If a security incident with Coder does occur, audit logs are invaluable in | |||
| determining the nature and scope of the impact. | |||
| ### Disable path-based apps | |||
| For production deployments, disable path-based apps. | |||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
"For production deployments, we recommend disable path-based apps after you've configured a wildcard access URL.
| By default, Coder mitigates the impact of having path-based apps enabled, but we still recommend disabling it to prevent malicious workspaces accessing other workspaces owned by the same user or performing requests against the Coder API. | ||
| If you do keep path-based apps enabled, Coder limits the risk: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
You say both "Coder mitigates the impact" and "Coder limits the risk". You should probably just remove the "Coder limits the risk" line IMO.
| Path-based apps share the same origin as the Coder API. | ||
| This setup is convenient for demos, but can expose the deployment to cross-site-scripting (XSS) attacks in production. | ||
| A malicious workspace could reuse Coder cookies to call the API or interact with other workspaces owned by the same user. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Path-based apps share the same origin as the Coder API, which can be convenient for trialing Coder, but can expose the deployment to cross-site-scripting (XSS) attacks in production.
add a new section specifically about how to disable path-based apps to the security best practices doc
todo