- Notifications
You must be signed in to change notification settings - Fork1k
docs: add section about how to disable path based apps to security best practices#18419
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Uh oh!
There was an error while loading.Please reload this page.
Merged
Changes from8 commits
Commits
Show all changes
9 commits Select commitHold shift + click to select a range
1dcc3f4 add disable path-based app section
EdwardAngert3a35413 edit path-based apps section
EdwardAngerta5486ca link to disable path-based
EdwardAngert0dffcbe link to heading
EdwardAngertd2bb9f3 suggestions from review
EdwardAngertf9a5c63 Merge branch 'main' into disable-path-based-apps
EdwardAngert868e043 md tweak
EdwardAngert0d9b6fb Merge branch 'main' into disable-path-based-apps
EdwardAngert127365d Update docs/tutorials/best-practices/security-best-practices.md
EdwardAngertFile filter
Filter by extension
Conversations
Failed to load comments.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Jump to
Jump to file
Failed to load files.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Diff view
Diff view
There are no files selected for viewing
2 changes: 2 additions & 0 deletionsdocs/admin/setup/index.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
27 changes: 27 additions & 0 deletionsdocs/tutorials/best-practices/security-best-practices.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -66,6 +66,33 @@ logs (which have `msg: audit_log`) and retain them for a minimum of two years | ||
| If a security incident with Coder does occur, audit logs are invaluable in | ||
| determining the nature and scope of the impact. | ||
| ### Disable path-based apps | ||
| For production deployments, we recommend that you disable path-based apps after you've configured a wildcard access URL. | ||
| Path-based apps share the same origin as the Coder API, which can be convenient for trialing Coder, | ||
| but can expose the deployment to cross-site-scripting (XSS) attacks in production. | ||
| A malicious workspace could reuse Coder cookies to call the API or interact with other workspaces owned by the same user. | ||
| 1. [Enable sub-domain apps with a wildcard DNS record](../../admin/setup/index.md#wildcard-access-url) (like `*.coder.example.com`) | ||
| 1. Disable path-based apps: | ||
| ```shell | ||
| coderd server --disable-path-apps | ||
| # or | ||
| export CODER_DISABLE_PATH_APPS=true | ||
| ``` | ||
| By default, Coder mitigates the impact of having path-based apps enabled, but we still recommend disabling it to prevent | ||
| malicious workspaces accessing other workspaces owned by the same user or performing requests against the Coder API. | ||
| If you do keep path-based apps enabled: | ||
| - Path-based apps cannot be shared with other users unless you start the Coder server with `--dangerous-allow-path-app-sharing`. | ||
| - Users with the site `owner` role cannot use their admin privileges to access path-based apps for workspace unless the | ||
EdwardAngert marked this conversation as resolved. OutdatedShow resolvedHide resolvedUh oh!There was an error while loading.Please reload this page. | ||
| server is started with `--dangerous-allow-path-app-site-owner-access`. | ||
| ## PostgreSQL | ||
| PostgreSQL is the persistent datastore underlying the entire Coder deployment. | ||
Oops, something went wrong.
Uh oh!
There was an error while loading.Please reload this page.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.