coder/coderPublic

NotificationsYou must be signed in to change notification settings
Fork1k
Star11.1k

Uniquely name coder cookies that get stripped for applications #3751

New issue

Closed

#3786

Closed

Uniquely name coder cookies that get stripped for applications#3751

#3786

Labels

apiArea: HTTP API

Description

Emyrk

opened

on Aug 30, 2022

Our cookie is namedsession_token which is quite generic. We strip this when forwarding application traffic, meaning any application hosted cannot use this cookie. I suggest we prefix all our cookies withcoder_ to deconflict anything in future.

Cookie names:

coder/codersdk/client.go

Lines 23 to 25 in3e30cdd

	SessionTokenKey="session_token"
	OAuth2StateKey="oauth_state"
	OAuth2RedirectKey="oauth_redirect"

Cookie Strip:

coder/coderd/workspaceapps.go

Line 143 in3e30cdd

r.Header.Add("Cookie",httpapi.StripCoderCookies(cookieHeader))

Metadata

Assignees

No one assigned

Labels

apiArea: HTTP API

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uniquely name coder cookies that get stripped for applications #3751

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions