Commit3f9af6f

authored

chore: Allow cors requests to workspace proxies for latency checks (#7484)

* CSP addition for web requests* chore: Add cors to workspace proxies to allow for latency checks

1 parentd17ea84 commit3f9af6fCopy full SHA for 3f9af6f

File tree

+23

-1

lines changed

+23

-1

lines changed

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -104,6 +104,8 @@ func CSPHeaders(websocketHosts func() []string) func(next http.Handler) http.Han`
`104`	`104`	`iflen(extraConnect)>0 {`
`105`	`105`	`for_,extraHost:=rangeextraConnect {`
`106`	`106`	`cspSrcs.Append(cspDirectiveConnectSrc,fmt.Sprintf("wss://%[1]s ws://%[1]s",extraHost))`
	`107`	`+// We also require this to make http/https requests to the workspace proxy for latency checking.`
	`108`	`+cspSrcs.Append(cspDirectiveConnectSrc,fmt.Sprintf("https://%[1]s http://%[1]s",extraHost))`
`107`	`109`	`}`
`108`	`110`	`}`
`109`	`111`

Lines changed: 15 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,7 @@ import (`
`11`	`11`	`"time"`
`12`	`12`
`13`	`13`	`"github.com/go-chi/chi/v5"`
	`14`	`+"github.com/go-chi/cors"`
`14`	`15`	`"github.com/google/uuid"`
`15`	`16`	`"github.com/prometheus/client_golang/prometheus"`
`16`	`17`	`"go.opentelemetry.io/otel/trace"`
`@@ -197,6 +198,20 @@ func New(ctx context.Context, opts Options) (Server, error) {`
`197`	`198`	`httpmw.ExtractRealIP(s.Options.RealIPConfig),`
`198`	`199`	`httpmw.Logger(s.Logger),`
`199`	`200`	`httpmw.Prometheus(s.PrometheusRegistry),`
	`201`	`+// The primary coderd dashboard needs to make some GET requests to`
	`202`	`+// the workspace proxies to check latency.`
	`203`	`+cors.Handler(cors.Options{`
	`204`	`+AllowedOrigins: []string{`
	`205`	`+// Allow the dashboard to make requests to the proxy for latency`
	`206`	`+// checks.`
	`207`	`+opts.DashboardURL.String(),`
	`208`	`+},`
	`209`	`+// Only allow GET requests for latency checks.`
	`210`	`+AllowedMethods: []string{http.MethodGet},`
	`211`	`+AllowedHeaders: []string{"Accept","Content-Type"},`
	`212`	`+// Do not send any cookies`
	`213`	`+AllowCredentials:false,`
	`214`	`+}),`
`200`	`215`
`201`	`216`	`// HandleSubdomain is a middleware that handles all requests to the`
`202`	`217`	`// subdomain-based workspace apps.`

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -174,7 +174,10 @@ require (`
`174`	`174`	`tailscale.comv1.32.2`
`175`	`175`	`)`
`176`	`176`
`177`		`-requiregithub.com/armon/go-radixv1.0.0// indirect`
	`177`	`+require (`
	`178`	`+github.com/armon/go-radixv1.0.0// indirect`
	`179`	`+github.com/go-chi/corsv1.2.1// indirect`
	`180`	`+)`
`178`	`181`
`179`	`182`	`require (`
`180`	`183`	`cloud.google.com/go/computev1.18.0// indirect`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -599,6 +599,8 @@ github.com/go-chi/chi v1.5.4 h1:QHdzF2szwjqVV4wmByUnTcsbIg7UGaQ0tPF2t5GcAIs=`
`599`	`599`	`github.com/go-chi/chiv1.5.4/go.mod h1:uaf8YgoFazUOkPBG7fxPftUylNumIev9awIWOENIuEg=`
`600`	`600`	`github.com/go-chi/chi/v5v5.0.7 h1:rDTPXLDHGATaeHvVlLcR4Qe0zftYethFucbjVQ1PxU8=`
`601`	`601`	`github.com/go-chi/chi/v5v5.0.7/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=`
	`602`	`+github.com/go-chi/corsv1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=`
	`603`	`+github.com/go-chi/corsv1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=`
`602`	`604`	`github.com/go-chi/httpratev0.7.1 h1:d5kXARdms2PREQfU4pHvq44S6hJ1hPu4OXLeBKmCKWs=`
`603`	`605`	`github.com/go-chi/httpratev0.7.1/go.mod h1:6GOYBSwnpra4CQfAKXu8sQZg+nZ0M1g9QnyFvxrAB8A=`
`604`	`606`	`github.com/go-chi/renderv1.0.1 h1:4/5tis2cKaNdnv9zFLfXzcquC9HbeZgCnxGnKrltBS8=`

Comments

(0)