selfhosted
/
coder
mirror of https://github.com/coder/coder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
coder/coderd/workspaceapps_test.go

300 lines
8.8 KiB
Go
Raw Normal View History

feat: Add workspace application support (#1773) * feat: Add app support This adds apps as a property to a workspace agent. The resource is added to the Terraform provider here: https://github.com/coder/terraform-provider-coder/pull/17 Apps will be opened in the dashboard or via the CLI with `coder open <name>`. If `command` is specified, a terminal will appear locally and in the web. If `target` is specified, the browser will open to an exposed instance of that target. * Compare fields in apps test * Update Terraform provider to use relative path * Add some basic structure for routing * chore: Remove interface from coderd and lift API surface Abstracting coderd into an interface added misdirection because the interface was never intended to be fulfilled outside of a single implementation. This lifts the abstraction, and attaches all handlers to a root struct named `*coderd.API`. * Add basic proxy logic * Add proxying based on path * Add app proxying for wildcards * Add wsconncache * fix: Race when writing to a closed pipe This is such an intermittent race it's difficult to track, but regardless this is an improvement to the code. * fix: Race when writing to a closed pipe This is such an intermittent race it's difficult to track, but regardless this is an improvement to the code. * fix: Race when writing to a closed pipe This is such an intermittent race it's difficult to track, but regardless this is an improvement to the code. * fix: Race when writing to a closed pipe This is such an intermittent race it's difficult to track, but regardless this is an improvement to the code. * Add workspace route proxying endpoint - Makes the workspace conn cache concurrency-safe - Reduces unnecessary open checks in `peer.Channel` - Fixes the use of a temporary context when dialing a workspace agent * Add embed errors * chore: Refactor site to improve testing It was difficult to develop this package due to the embed build tag being mandatory on the tests. The logic to test doesn't require any embedded files. * Add test for error handler * Remove unused access url * Add RBAC tests * Fix dial agent syntax * Fix linting errors * Fix gen * Fix icon required * Adjust migration number * Fix proxy error status code * Fix empty db lookup
2022-06-04 20:13:37 +00:00
package coderd_test
import (
"context"
"net"
chore: add workspace proxies to the backend (#7032) Co-authored-by: Dean Sheather <dean@deansheather.com>
2023-04-17 19:57:21 +00:00
"net/http"
feat: Add serving applications on subdomains and port-based proxying (#3753) Co-authored-by: Dean Sheather <dean@deansheather.com>
2022-09-13 17:31:33 +00:00
"net/url"
feat: Add workspace application support (#1773) * feat: Add app support This adds apps as a property to a workspace agent. The resource is added to the Terraform provider here: https://github.com/coder/terraform-provider-coder/pull/17 Apps will be opened in the dashboard or via the CLI with `coder open <name>`. If `command` is specified, a terminal will appear locally and in the web. If `target` is specified, the browser will open to an exposed instance of that target. * Compare fields in apps test * Update Terraform provider to use relative path * Add some basic structure for routing * chore: Remove interface from coderd and lift API surface Abstracting coderd into an interface added misdirection because the interface was never intended to be fulfilled outside of a single implementation. This lifts the abstraction, and attaches all handlers to a root struct named `*coderd.API`. * Add basic proxy logic * Add proxying based on path * Add app proxying for wildcards * Add wsconncache * fix: Race when writing to a closed pipe This is such an intermittent race it's difficult to track, but regardless this is an improvement to the code. * fix: Race when writing to a closed pipe This is such an intermittent race it's difficult to track, but regardless this is an improvement to the code. * fix: Race when writing to a closed pipe This is such an intermittent race it's difficult to track, but regardless this is an improvement to the code. * fix: Race when writing to a closed pipe This is such an intermittent race it's difficult to track, but regardless this is an improvement to the code. * Add workspace route proxying endpoint - Makes the workspace conn cache concurrency-safe - Reduces unnecessary open checks in `peer.Channel` - Fixes the use of a temporary context when dialing a workspace agent * Add embed errors * chore: Refactor site to improve testing It was difficult to develop this package due to the embed build tag being mandatory on the tests. The logic to test doesn't require any embedded files. * Add test for error handler * Remove unused access url * Add RBAC tests * Fix dial agent syntax * Fix linting errors * Fix gen * Fix icon required * Adjust migration number * Fix proxy error status code * Fix empty db lookup
2022-06-04 20:13:37 +00:00
"testing"
"github.com/stretchr/testify/require"
chore: add /v2 to import module path (#9072) * chore: add /v2 to import module path go mod requires semantic versioning with versions greater than 1.x This was a mechanical update by running: ``` go install github.com/marwan-at-work/mod/cmd/mod@latest mod upgrade ``` Migrate generated files to import /v2 * Fix gen
2023-08-18 18:55:43 +00:00
"github.com/coder/coder/v2/coderd/coderdtest"
"github.com/coder/coder/v2/coderd/database"
"github.com/coder/coder/v2/coderd/database/dbgen"
"github.com/coder/coder/v2/coderd/database/dbtestutil"
"github.com/coder/coder/v2/coderd/httpmw"
"github.com/coder/coder/v2/coderd/workspaceapps"
"github.com/coder/coder/v2/coderd/workspaceapps/apptest"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/testutil"
chore(cli): replace clibase with external `coder/serpent` (#12252)
2024-03-15 16:24:38 +00:00
"github.com/coder/serpent"
feat: Add workspace application support (#1773) * feat: Add app support This adds apps as a property to a workspace agent. The resource is added to the Terraform provider here: https://github.com/coder/terraform-provider-coder/pull/17 Apps will be opened in the dashboard or via the CLI with `coder open <name>`. If `command` is specified, a terminal will appear locally and in the web. If `target` is specified, the browser will open to an exposed instance of that target. * Compare fields in apps test * Update Terraform provider to use relative path * Add some basic structure for routing * chore: Remove interface from coderd and lift API surface Abstracting coderd into an interface added misdirection because the interface was never intended to be fulfilled outside of a single implementation. This lifts the abstraction, and attaches all handlers to a root struct named `*coderd.API`. * Add basic proxy logic * Add proxying based on path * Add app proxying for wildcards * Add wsconncache * fix: Race when writing to a closed pipe This is such an intermittent race it's difficult to track, but regardless this is an improvement to the code. * fix: Race when writing to a closed pipe This is such an intermittent race it's difficult to track, but regardless this is an improvement to the code. * fix: Race when writing to a closed pipe This is such an intermittent race it's difficult to track, but regardless this is an improvement to the code. * fix: Race when writing to a closed pipe This is such an intermittent race it's difficult to track, but regardless this is an improvement to the code. * Add workspace route proxying endpoint - Makes the workspace conn cache concurrency-safe - Reduces unnecessary open checks in `peer.Channel` - Fixes the use of a temporary context when dialing a workspace agent * Add embed errors * chore: Refactor site to improve testing It was difficult to develop this package due to the embed build tag being mandatory on the tests. The logic to test doesn't require any embedded files. * Add test for error handler * Remove unused access url * Add RBAC tests * Fix dial agent syntax * Fix linting errors * Fix gen * Fix icon required * Adjust migration number * Fix proxy error status code * Fix empty db lookup
2022-06-04 20:13:37 +00:00
)
feat: secure and cross-domain subdomain-based proxying (#4136) Co-authored-by: Kyle Carberry <kyle@carberry.com>
2022-09-22 22:30:32 +00:00
func TestGetAppHost(t *testing.T) {
t.Parallel()
fix: fix app hostname returning port number (#5441)
2022-12-15 18:43:00 +00:00
cases := []struct {
name string
accessURL string
appHostname string
expected string
}{
{
name: "OK",
accessURL: "https://test.coder.com",
appHostname: "*.test.coder.com",
expected: "*.test.coder.com",
},
{
name: "None",
accessURL: "https://test.coder.com",
appHostname: "",
expected: "",
},
{
name: "OKWithPort",
accessURL: "https://test.coder.com:8443",
appHostname: "*.test.coder.com",
expected: "*.test.coder.com:8443",
},
{
name: "OKWithSuffix",
accessURL: "https://test.coder.com:8443",
appHostname: "*--suffix.test.coder.com",
expected: "*--suffix.test.coder.com:8443",
},
}
feat: secure and cross-domain subdomain-based proxying (#4136) Co-authored-by: Kyle Carberry <kyle@carberry.com>
2022-09-22 22:30:32 +00:00
for _, c := range cases {
c := c
fix: fix app hostname returning port number (#5441)
2022-12-15 18:43:00 +00:00
t.Run(c.name, func(t *testing.T) {
feat: secure and cross-domain subdomain-based proxying (#4136) Co-authored-by: Kyle Carberry <kyle@carberry.com>
2022-09-22 22:30:32 +00:00
t.Parallel()
fix: fix app hostname returning port number (#5441)
2022-12-15 18:43:00 +00:00
accessURL, err := url.Parse(c.accessURL)
require.NoError(t, err)
feat: secure and cross-domain subdomain-based proxying (#4136) Co-authored-by: Kyle Carberry <kyle@carberry.com>
2022-09-22 22:30:32 +00:00
client := coderdtest.New(t, &coderdtest.Options{
fix: fix app hostname returning port number (#5441)
2022-12-15 18:43:00 +00:00
AccessURL: accessURL,
AppHostname: c.appHostname,
feat: secure and cross-domain subdomain-based proxying (#4136) Co-authored-by: Kyle Carberry <kyle@carberry.com>
2022-09-22 22:30:32 +00:00
})
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
defer cancel()
// Should not leak to unauthenticated users.
chore: move agent functions from `codersdk` into `agentsdk` (#5903) * chore: rename `AgentConn` to `WorkspaceAgentConn` The codersdk was becoming bloated with consts for the workspace agent that made no sense to a reader. `Tailnet*` is an example of these consts. * chore: remove `Get` prefix from *Client functions * chore: remove `BypassRatelimits` option in `codersdk.Client` It feels wrong to have this as a direct option because it's so infrequently needed by API callers. It's better to directly modify headers in the two places that we actually use it. * Merge `appearance.go` and `buildinfo.go` into `deployment.go` * Merge `experiments.go` and `features.go` into `deployment.go` * Fix `make gen` referencing old type names * Merge `error.go` into `client.go` `codersdk.Response` lived in `error.go`, which is wrong. * chore: refactor workspace agent functions into agentsdk It was odd conflating the codersdk that clients should use with functions that only the agent should use. This separates them into two SDKs that are closely coupled, but separate. * Merge `insights.go` into `deployment.go` * Merge `organizationmember.go` into `organizations.go` * Merge `quota.go` into `workspaces.go` * Rename `sse.go` to `serversentevents.go` * Rename `codersdk.WorkspaceAppHostResponse` to `codersdk.AppHostResponse` * Format `.vscode/settings.json` * Fix outdated naming in `api.ts` * Fix app host response * Fix unsupported type * Fix imported type
2023-01-29 21:47:24 +00:00
host, err := client.AppHost(ctx)
feat: secure and cross-domain subdomain-based proxying (#4136) Co-authored-by: Kyle Carberry <kyle@carberry.com>
2022-09-22 22:30:32 +00:00
require.Error(t, err)
require.Equal(t, "", host.Host)
_ = coderdtest.CreateFirstUser(t, client)
chore: move agent functions from `codersdk` into `agentsdk` (#5903) * chore: rename `AgentConn` to `WorkspaceAgentConn` The codersdk was becoming bloated with consts for the workspace agent that made no sense to a reader. `Tailnet*` is an example of these consts. * chore: remove `Get` prefix from *Client functions * chore: remove `BypassRatelimits` option in `codersdk.Client` It feels wrong to have this as a direct option because it's so infrequently needed by API callers. It's better to directly modify headers in the two places that we actually use it. * Merge `appearance.go` and `buildinfo.go` into `deployment.go` * Merge `experiments.go` and `features.go` into `deployment.go` * Fix `make gen` referencing old type names * Merge `error.go` into `client.go` `codersdk.Response` lived in `error.go`, which is wrong. * chore: refactor workspace agent functions into agentsdk It was odd conflating the codersdk that clients should use with functions that only the agent should use. This separates them into two SDKs that are closely coupled, but separate. * Merge `insights.go` into `deployment.go` * Merge `organizationmember.go` into `organizations.go` * Merge `quota.go` into `workspaces.go` * Rename `sse.go` to `serversentevents.go` * Rename `codersdk.WorkspaceAppHostResponse` to `codersdk.AppHostResponse` * Format `.vscode/settings.json` * Fix outdated naming in `api.ts` * Fix app host response * Fix unsupported type * Fix imported type
2023-01-29 21:47:24 +00:00
host, err = client.AppHost(ctx)
feat: secure and cross-domain subdomain-based proxying (#4136) Co-authored-by: Kyle Carberry <kyle@carberry.com>
2022-09-22 22:30:32 +00:00
require.NoError(t, err)
fix: fix app hostname returning port number (#5441)
2022-12-15 18:43:00 +00:00
require.Equal(t, c.expected, host.Host)
feat: secure and cross-domain subdomain-based proxying (#4136) Co-authored-by: Kyle Carberry <kyle@carberry.com>
2022-09-22 22:30:32 +00:00
})
}
}
chore: add workspace proxies to the backend (#7032) Co-authored-by: Dean Sheather <dean@deansheather.com>
2023-04-17 19:57:21 +00:00
func TestWorkspaceApplicationAuth(t *testing.T) {
t.Parallel()
cases := []struct {
name string
accessURL string
appHostname string
proxyURL string
proxyAppHostname string
redirectURI string
expectRedirect string
}{
{
name: "OK",
accessURL: "https://test.coder.com",
appHostname: "*.test.coder.com",
proxyURL: "https://proxy.test.coder.com",
proxyAppHostname: "*.proxy.test.coder.com",
redirectURI: "https://something.test.coder.com",
expectRedirect: "https://something.test.coder.com",
},
{
name: "ProxyPathOK",
accessURL: "https://test.coder.com",
appHostname: "*.test.coder.com",
proxyURL: "https://proxy.test.coder.com",
proxyAppHostname: "*.proxy.test.coder.com",
redirectURI: "https://proxy.test.coder.com/path",
expectRedirect: "https://proxy.test.coder.com/path",
},
{
name: "ProxySubdomainOK",
accessURL: "https://test.coder.com",
appHostname: "*.test.coder.com",
proxyURL: "https://proxy.test.coder.com",
proxyAppHostname: "*.proxy.test.coder.com",
redirectURI: "https://something.proxy.test.coder.com/path?yeah=true",
expectRedirect: "https://something.proxy.test.coder.com/path?yeah=true",
},
{
name: "ProxySubdomainSuffixOK",
accessURL: "https://test.coder.com",
appHostname: "*.test.coder.com",
proxyURL: "https://proxy.test.coder.com",
proxyAppHostname: "*--suffix.proxy.test.coder.com",
redirectURI: "https://something--suffix.proxy.test.coder.com/",
expectRedirect: "https://something--suffix.proxy.test.coder.com/",
},
{
name: "NormalizeSchemePrimaryAppHostname",
accessURL: "https://test.coder.com",
appHostname: "*.test.coder.com",
proxyURL: "https://proxy.test.coder.com",
proxyAppHostname: "*.proxy.test.coder.com",
redirectURI: "http://x.test.coder.com",
expectRedirect: "https://x.test.coder.com",
},
{
name: "NormalizeSchemeProxyAppHostname",
accessURL: "https://test.coder.com",
appHostname: "*.test.coder.com",
proxyURL: "https://proxy.test.coder.com",
proxyAppHostname: "*.proxy.test.coder.com",
redirectURI: "http://x.proxy.test.coder.com",
expectRedirect: "https://x.proxy.test.coder.com",
},
{
name: "NoneError",
accessURL: "https://test.coder.com",
appHostname: "*.test.coder.com",
proxyURL: "https://proxy.test.coder.com",
proxyAppHostname: "*.proxy.test.coder.com",
redirectURI: "",
expectRedirect: "",
},
{
name: "PrimaryAccessURLError",
accessURL: "https://test.coder.com",
appHostname: "*.test.coder.com",
proxyURL: "https://proxy.test.coder.com",
proxyAppHostname: "*.proxy.test.coder.com",
redirectURI: "https://test.coder.com/",
expectRedirect: "",
},
{
name: "OtherError",
accessURL: "https://test.coder.com",
appHostname: "*.test.coder.com",
proxyURL: "https://proxy.test.coder.com",
proxyAppHostname: "*.proxy.test.coder.com",
redirectURI: "https://example.com/",
expectRedirect: "",
},
}
for _, c := range cases {
c := c
t.Run(c.name, func(t *testing.T) {
t.Parallel()
db, pubsub := dbtestutil.NewDB(t)
accessURL, err := url.Parse(c.accessURL)
require.NoError(t, err)
client := coderdtest.New(t, &coderdtest.Options{
Database: db,
Pubsub: pubsub,
AccessURL: accessURL,
AppHostname: c.appHostname,
})
_ = coderdtest.CreateFirstUser(t, client)
// Disable redirects.
client.HTTPClient.CheckRedirect = func(_ *http.Request, _ []*http.Request) error {
return http.ErrUseLastResponse
}
_, _ = dbgen.WorkspaceProxy(t, db, database.WorkspaceProxy{
Url: c.proxyURL,
WildcardHostname: c.proxyAppHostname,
})
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
defer cancel()
resp, err := client.Request(ctx, http.MethodGet, "/api/v2/applications/auth-redirect", nil, func(req *http.Request) {
q := req.URL.Query()
q.Set("redirect_uri", c.redirectURI)
req.URL.RawQuery = q.Encode()
})
require.NoError(t, err)
defer resp.Body.Close()
if resp.StatusCode != http.StatusSeeOther {
err = codersdk.ReadBodyAsError(resp)
if c.expectRedirect == "" {
require.Error(t, err)
return
}
require.NoError(t, err)
return
}
if c.expectRedirect == "" {
t.Fatal("expected a failure but got a success")
}
loc, err := resp.Location()
require.NoError(t, err)
q := loc.Query()
// Verify the API key is set.
encryptedAPIKey := loc.Query().Get(workspaceapps.SubdomainProxyAPIKeyParam)
require.NotEmpty(t, encryptedAPIKey, "no API key was set in the query parameters")
// Strip the API key from the actual redirect URI and compare.
q.Del(workspaceapps.SubdomainProxyAPIKeyParam)
loc.RawQuery = q.Encode()
require.Equal(t, c.expectRedirect, loc.String())
// The decrypted key is verified in the apptest test suite.
})
}
}
chore: move workspace apps tests to new package (#7025) * chore: move workspace apps tests to new package * chore: move reconnecting pty to apptest package
2023-04-06 21:35:27 +00:00
func TestWorkspaceApps(t *testing.T) {
feat: Add serving applications on subdomains and port-based proxying (#3753) Co-authored-by: Dean Sheather <dean@deansheather.com>
2022-09-13 17:31:33 +00:00
t.Parallel()
fix(security)!: path-based app sharing changes (#5772) This commit disables path-based app sharing by default. It is possible for a workspace app on a path (not a subdomain) to make API requests to the Coder API. When accessing your own workspace, this is not much of a problem. When accessing a shared workspace app, the workspace owner could include malicious javascript in the page that makes requests to the Coder API on behalf of the visitor. This vulnerability does not affect subdomain apps. - Disables path-based app sharing by default. Previous behavior can be restored using the `--dangerous-allow-path-app-sharing` flag which is not recommended. - Disables users with the site "owner" role from accessing path-based apps from workspaces they do not own. Previous behavior can be restored using the `--dangerous-allow-path-app-site-owner-access` flag which is not recommended. - Adds a flag `--disable-path-apps` which can be used by security-conscious admins to disable all path-based apps across the entire deployment. This check is enforced at app-access time, not at template-ingest time.
2023-01-18 22:56:14 +00:00
chore: reduce the log output of skipped tests (#7520) With the introduction of the workspace proxy tests there was a lot of output if a test was eventually skipped.
2023-05-15 00:37:00 +00:00
apptest.Run(t, true, func(t *testing.T, opts *apptest.DeploymentOptions) *apptest.Deployment {
feat: refactor deployment config (#6347)
2023-03-07 21:10:01 +00:00
deploymentValues := coderdtest.DeploymentValues(t)
chore(cli): replace clibase with external `coder/serpent` (#12252)
2024-03-15 16:24:38 +00:00
deploymentValues.DisablePathApps = serpent.Bool(opts.DisablePathApps)
deploymentValues.Dangerous.AllowPathAppSharing = serpent.Bool(opts.DangerousAllowPathAppSharing)
deploymentValues.Dangerous.AllowPathAppSiteOwnerAccess = serpent.Bool(opts.DangerousAllowPathAppSiteOwnerAccess)
feat: add port-sharing backend (#11939)
2024-02-13 14:31:20 +00:00
deploymentValues.Experiments = append(deploymentValues.Experiments, string(codersdk.ExperimentSharedPorts))
fix: do not canonicalize Sec-WebSocket-* headers in apps (#5334) * fix: do not canonicalize Sec-WebSocket-* headers in apps * chore: test for non-canonical header name subst
2022-12-07 12:55:02 +00:00
chore: add workspace proxies to the backend (#7032) Co-authored-by: Dean Sheather <dean@deansheather.com>
2023-04-17 19:57:21 +00:00
if opts.DisableSubdomainApps {
opts.AppHost = ""
}
fix(coderd): workspaceapps: update last_used_at when workspace app reports stats (#11603) - Adds a new query BatchUpdateLastUsedAt - Adds calls to BatchUpdateLastUsedAt in app stats handler upon flush - Passes a stats flush channel to apptest setup scaffolding and updates unit tests to assert modifications to LastUsedAt.
2024-01-16 14:06:39 +00:00
flushStatsCollectorCh := make(chan chan<- struct{}, 1)
opts.StatsCollectorOptions.Flush = flushStatsCollectorCh
flushStats := func() {
flushStatsCollectorDone := make(chan struct{}, 1)
flushStatsCollectorCh <- flushStatsCollectorDone
<-flushStatsCollectorDone
}
fix: do not canonicalize Sec-WebSocket-* headers in apps (#5334) * fix: do not canonicalize Sec-WebSocket-* headers in apps * chore: test for non-canonical header name subst
2022-12-07 12:55:02 +00:00
client := coderdtest.New(t, &coderdtest.Options{
chore: move workspace apps tests to new package (#7025) * chore: move workspace apps tests to new package * chore: move reconnecting pty to apptest package
2023-04-06 21:35:27 +00:00
DeploymentValues: deploymentValues,
AppHostname: opts.AppHost,
IncludeProvisionerDaemon: true,
fix: do not canonicalize Sec-WebSocket-* headers in apps (#5334) * fix: do not canonicalize Sec-WebSocket-* headers in apps * chore: test for non-canonical header name subst
2022-12-07 12:55:02 +00:00
RealIPConfig: &httpmw.RealIPConfig{
TrustedOrigins: []*net.IPNet{{
IP: net.ParseIP("127.0.0.1"),
Mask: net.CIDRMask(8, 32),
}},
TrustedHeaders: []string{
"CF-Connecting-IP",
},
},
feat(coderd): add `coder_app` usage stats (#9001) Updates #8658
2023-08-16 12:22:00 +00:00
WorkspaceAppsStatsCollectorOptions: opts.StatsCollectorOptions,
fix: do not canonicalize Sec-WebSocket-* headers in apps (#5334) * fix: do not canonicalize Sec-WebSocket-* headers in apps * chore: test for non-canonical header name subst
2022-12-07 12:55:02 +00:00
})
user := coderdtest.CreateFirstUser(t, client)
chore: move workspace apps tests to new package (#7025) * chore: move workspace apps tests to new package * chore: move reconnecting pty to apptest package
2023-04-06 21:35:27 +00:00
return &apptest.Deployment{
chore: reduce the log output of skipped tests (#7520) With the introduction of the workspace proxy tests there was a lot of output if a test was eventually skipped.
2023-05-15 00:37:00 +00:00
Options: opts,
SDKClient: client,
FirstUser: user,
PathAppBaseURL: client.URL,
fix(coderd): workspaceapps: update last_used_at when workspace app reports stats (#11603) - Adds a new query BatchUpdateLastUsedAt - Adds calls to BatchUpdateLastUsedAt in app stats handler upon flush - Passes a stats flush channel to apptest setup scaffolding and updates unit tests to assert modifications to LastUsedAt.
2024-01-16 14:06:39 +00:00
FlushStats: flushStats,
fix: do not canonicalize Sec-WebSocket-* headers in apps (#5334) * fix: do not canonicalize Sec-WebSocket-* headers in apps * chore: test for non-canonical header name subst
2022-12-07 12:55:02 +00:00
}
fix(security)!: path-based app sharing changes (#5772) This commit disables path-based app sharing by default. It is possible for a workspace app on a path (not a subdomain) to make API requests to the Coder API. When accessing your own workspace, this is not much of a problem. When accessing a shared workspace app, the workspace owner could include malicious javascript in the page that makes requests to the Coder API on behalf of the visitor. This vulnerability does not affect subdomain apps. - Disables path-based app sharing by default. Previous behavior can be restored using the `--dangerous-allow-path-app-sharing` flag which is not recommended. - Disables users with the site "owner" role from accessing path-based apps from workspaces they do not own. Previous behavior can be restored using the `--dangerous-allow-path-app-site-owner-access` flag which is not recommended. - Adds a flag `--disable-path-apps` which can be used by security-conscious admins to disable all path-based apps across the entire deployment. This check is enforced at app-access time, not at template-ingest time.
2023-01-18 22:56:14 +00:00
})
}