mirror of https://github.com/coder/coder.git
chore: Allow cors requests to workspace proxies for latency checks (#7484)
* CSP addition for web requests * chore: Add cors to workspace proxies to allow for latency checks
This commit is contained in:
parent
d17ea84b4a
commit
3f9af6f5e7
|
@ -104,6 +104,8 @@ func CSPHeaders(websocketHosts func() []string) func(next http.Handler) http.Han
|
||||||
if len(extraConnect) > 0 {
|
if len(extraConnect) > 0 {
|
||||||
for _, extraHost := range extraConnect {
|
for _, extraHost := range extraConnect {
|
||||||
cspSrcs.Append(cspDirectiveConnectSrc, fmt.Sprintf("wss://%[1]s ws://%[1]s", extraHost))
|
cspSrcs.Append(cspDirectiveConnectSrc, fmt.Sprintf("wss://%[1]s ws://%[1]s", extraHost))
|
||||||
|
// We also require this to make http/https requests to the workspace proxy for latency checking.
|
||||||
|
cspSrcs.Append(cspDirectiveConnectSrc, fmt.Sprintf("https://%[1]s http://%[1]s", extraHost))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/go-chi/chi/v5"
|
"github.com/go-chi/chi/v5"
|
||||||
|
"github.com/go-chi/cors"
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
"github.com/prometheus/client_golang/prometheus"
|
"github.com/prometheus/client_golang/prometheus"
|
||||||
"go.opentelemetry.io/otel/trace"
|
"go.opentelemetry.io/otel/trace"
|
||||||
|
@ -197,6 +198,20 @@ func New(ctx context.Context, opts *Options) (*Server, error) {
|
||||||
httpmw.ExtractRealIP(s.Options.RealIPConfig),
|
httpmw.ExtractRealIP(s.Options.RealIPConfig),
|
||||||
httpmw.Logger(s.Logger),
|
httpmw.Logger(s.Logger),
|
||||||
httpmw.Prometheus(s.PrometheusRegistry),
|
httpmw.Prometheus(s.PrometheusRegistry),
|
||||||
|
// The primary coderd dashboard needs to make some GET requests to
|
||||||
|
// the workspace proxies to check latency.
|
||||||
|
cors.Handler(cors.Options{
|
||||||
|
AllowedOrigins: []string{
|
||||||
|
// Allow the dashboard to make requests to the proxy for latency
|
||||||
|
// checks.
|
||||||
|
opts.DashboardURL.String(),
|
||||||
|
},
|
||||||
|
// Only allow GET requests for latency checks.
|
||||||
|
AllowedMethods: []string{http.MethodGet},
|
||||||
|
AllowedHeaders: []string{"Accept", "Content-Type"},
|
||||||
|
// Do not send any cookies
|
||||||
|
AllowCredentials: false,
|
||||||
|
}),
|
||||||
|
|
||||||
// HandleSubdomain is a middleware that handles all requests to the
|
// HandleSubdomain is a middleware that handles all requests to the
|
||||||
// subdomain-based workspace apps.
|
// subdomain-based workspace apps.
|
||||||
|
|
5
go.mod
5
go.mod
|
@ -174,7 +174,10 @@ require (
|
||||||
tailscale.com v1.32.2
|
tailscale.com v1.32.2
|
||||||
)
|
)
|
||||||
|
|
||||||
require github.com/armon/go-radix v1.0.0 // indirect
|
require (
|
||||||
|
github.com/armon/go-radix v1.0.0 // indirect
|
||||||
|
github.com/go-chi/cors v1.2.1 // indirect
|
||||||
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
cloud.google.com/go/compute v1.18.0 // indirect
|
cloud.google.com/go/compute v1.18.0 // indirect
|
||||||
|
|
2
go.sum
2
go.sum
|
@ -599,6 +599,8 @@ github.com/go-chi/chi v1.5.4 h1:QHdzF2szwjqVV4wmByUnTcsbIg7UGaQ0tPF2t5GcAIs=
|
||||||
github.com/go-chi/chi v1.5.4/go.mod h1:uaf8YgoFazUOkPBG7fxPftUylNumIev9awIWOENIuEg=
|
github.com/go-chi/chi v1.5.4/go.mod h1:uaf8YgoFazUOkPBG7fxPftUylNumIev9awIWOENIuEg=
|
||||||
github.com/go-chi/chi/v5 v5.0.7 h1:rDTPXLDHGATaeHvVlLcR4Qe0zftYethFucbjVQ1PxU8=
|
github.com/go-chi/chi/v5 v5.0.7 h1:rDTPXLDHGATaeHvVlLcR4Qe0zftYethFucbjVQ1PxU8=
|
||||||
github.com/go-chi/chi/v5 v5.0.7/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
|
github.com/go-chi/chi/v5 v5.0.7/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
|
||||||
|
github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=
|
||||||
|
github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
|
||||||
github.com/go-chi/httprate v0.7.1 h1:d5kXARdms2PREQfU4pHvq44S6hJ1hPu4OXLeBKmCKWs=
|
github.com/go-chi/httprate v0.7.1 h1:d5kXARdms2PREQfU4pHvq44S6hJ1hPu4OXLeBKmCKWs=
|
||||||
github.com/go-chi/httprate v0.7.1/go.mod h1:6GOYBSwnpra4CQfAKXu8sQZg+nZ0M1g9QnyFvxrAB8A=
|
github.com/go-chi/httprate v0.7.1/go.mod h1:6GOYBSwnpra4CQfAKXu8sQZg+nZ0M1g9QnyFvxrAB8A=
|
||||||
github.com/go-chi/render v1.0.1 h1:4/5tis2cKaNdnv9zFLfXzcquC9HbeZgCnxGnKrltBS8=
|
github.com/go-chi/render v1.0.1 h1:4/5tis2cKaNdnv9zFLfXzcquC9HbeZgCnxGnKrltBS8=
|
||||||
|
|
Loading…
Reference in New Issue