Fixes issue #7544 which adding a cookie-suffix flag #7590
Conversation
Fixes coder#7544 but is it the best way?
code-asher
left a comment
code-asher
left a comment
There was a problem hiding this comment.
Sorry it took so long to review this. I like the direction we are headed!
src/common/http.ts
Outdated
| export enum CookieKeys { | ||
| Session = "code-server-session", | ||
| export const CookieKeys = { | ||
| Session: `code-server-session${process.env?.COOKIE_SUFFIX ? "-" + process.env?.COOKIE_SUFFIX : ""}`, |
There was a problem hiding this comment.
This pulls off the environment variable, but if someone sets --cookie-suffix then this will not pick up anything since it is on the flag and not in the env.
What if we made this a function? Something like:
function cookieKey(suffix) {
// return the key name here
}
And then where we need it we can call it like:
cookieKey(req.args["cookie-suffix"]
There was a problem hiding this comment.
Oops, yeah your right... I somehow thought this would adress that (but it is the other way around XD):
if (process.env.COOKIE_SUFFIX) {
args["cookie-suffix"] = process.env.COOKIE_SUFFIX
}But I dont quite get what you want to do with the function.
Do you want to do something like this:
// From
export const CookieKeys = {
Session: `code-server-session${process.env?.CODE_SERVER_COOKIE_SUFFIX? "-" + process.env?.CODE_SERVER_COOKIE_SUFFIX : ""}`,
}
// To
export function CookieKeys(suffix: string) {
...
return { Session: "..." }
}Or more like this:
function getCookieSessionName(): string {
if (process.env?.CODE_SERVER_COOKIE_SUFFIX) {
return `code-server-session-${process.env.CODE_SERVER_COOKIE_SUFFIX}`
}
if (args["cookie-suffix"]) {
return .....
}
return "code-server-session";
}
export const CookieKeys = {
Session: getCookieSessionName(),
}Because from what I understand, it seems like you want to do something like the first example which does not make a lot of sense to me. This should be set one time at start up and then not be changed and also a function would mean that you had to replace every call to this to a function.
Lastly, how could i get the cli-arguments? Is there also something like process.cliArgs or a variabel that i have to import from somewhere?
src/node/cli.ts
Outdated
| usingEnvPassword = false | ||
| } | ||
|
|
||
| if (process.env.COOKIE_SUFFIX) { |
There was a problem hiding this comment.
We started prefixing our environment variables to avoid collision so we should call this CODE_SERVER_COOKIE_SUFFIX.
2 participants
I added the
cookie-suffixflag and environment variable. This adds the possibility for the user to fix the issue but the default option would still be the same (Best for backwards compatibility).This PR does fix the issue #7544 where a subdomain would not use the right cookie because of the wildcard cookie set by a domain of higher order.