mirror of https://github.com/coder/coder.git
chore: Allow cors requests to workspace proxies for latency checks (#7484)
* CSP addition for web requests * chore: Add cors to workspace proxies to allow for latency checks
This commit is contained in:
parent
d17ea84b4a
commit
3f9af6f5e7
|
@ -104,6 +104,8 @@ func CSPHeaders(websocketHosts func() []string) func(next http.Handler) http.Han
|
|||
if len(extraConnect) > 0 {
|
||||
for _, extraHost := range extraConnect {
|
||||
cspSrcs.Append(cspDirectiveConnectSrc, fmt.Sprintf("wss://%[1]s ws://%[1]s", extraHost))
|
||||
// We also require this to make http/https requests to the workspace proxy for latency checking.
|
||||
cspSrcs.Append(cspDirectiveConnectSrc, fmt.Sprintf("https://%[1]s http://%[1]s", extraHost))
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -11,6 +11,7 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/go-chi/chi/v5"
|
||||
"github.com/go-chi/cors"
|
||||
"github.com/google/uuid"
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"go.opentelemetry.io/otel/trace"
|
||||
|
@ -197,6 +198,20 @@ func New(ctx context.Context, opts *Options) (*Server, error) {
|
|||
httpmw.ExtractRealIP(s.Options.RealIPConfig),
|
||||
httpmw.Logger(s.Logger),
|
||||
httpmw.Prometheus(s.PrometheusRegistry),
|
||||
// The primary coderd dashboard needs to make some GET requests to
|
||||
// the workspace proxies to check latency.
|
||||
cors.Handler(cors.Options{
|
||||
AllowedOrigins: []string{
|
||||
// Allow the dashboard to make requests to the proxy for latency
|
||||
// checks.
|
||||
opts.DashboardURL.String(),
|
||||
},
|
||||
// Only allow GET requests for latency checks.
|
||||
AllowedMethods: []string{http.MethodGet},
|
||||
AllowedHeaders: []string{"Accept", "Content-Type"},
|
||||
// Do not send any cookies
|
||||
AllowCredentials: false,
|
||||
}),
|
||||
|
||||
// HandleSubdomain is a middleware that handles all requests to the
|
||||
// subdomain-based workspace apps.
|
||||
|
|
5
go.mod
5
go.mod
|
@ -174,7 +174,10 @@ require (
|
|||
tailscale.com v1.32.2
|
||||
)
|
||||
|
||||
require github.com/armon/go-radix v1.0.0 // indirect
|
||||
require (
|
||||
github.com/armon/go-radix v1.0.0 // indirect
|
||||
github.com/go-chi/cors v1.2.1 // indirect
|
||||
)
|
||||
|
||||
require (
|
||||
cloud.google.com/go/compute v1.18.0 // indirect
|
||||
|
|
2
go.sum
2
go.sum
|
@ -599,6 +599,8 @@ github.com/go-chi/chi v1.5.4 h1:QHdzF2szwjqVV4wmByUnTcsbIg7UGaQ0tPF2t5GcAIs=
|
|||
github.com/go-chi/chi v1.5.4/go.mod h1:uaf8YgoFazUOkPBG7fxPftUylNumIev9awIWOENIuEg=
|
||||
github.com/go-chi/chi/v5 v5.0.7 h1:rDTPXLDHGATaeHvVlLcR4Qe0zftYethFucbjVQ1PxU8=
|
||||
github.com/go-chi/chi/v5 v5.0.7/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
|
||||
github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=
|
||||
github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
|
||||
github.com/go-chi/httprate v0.7.1 h1:d5kXARdms2PREQfU4pHvq44S6hJ1hPu4OXLeBKmCKWs=
|
||||
github.com/go-chi/httprate v0.7.1/go.mod h1:6GOYBSwnpra4CQfAKXu8sQZg+nZ0M1g9QnyFvxrAB8A=
|
||||
github.com/go-chi/render v1.0.1 h1:4/5tis2cKaNdnv9zFLfXzcquC9HbeZgCnxGnKrltBS8=
|
||||
|
|
Loading…
Reference in New Issue