Skip to content

feat: allow bypassing current CORS magic based on template config #18706

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 23 commits into from
Jul 30, 2025
Merged

feat: allow bypassing current CORS magic based on template config #18706

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
94e423b
wip
cstyan Jul 3, 2025
b2e9c6d
wip 2
cstyan Jul 3, 2025
5b2b80e
fix broken build and tests
cstyan Jul 7, 2025
1af9d2f
rename sql files
cstyan Jul 7, 2025
6c136cf
fix TS files for tests/linting
cstyan Jul 7, 2025
8b21d0c
wip proxy changes, still broken
cstyan Jul 8, 2025
20c3ffd
commit cors package
cstyan Jul 8, 2025
20dbf97
port test
cstyan Jul 8, 2025
432aff6
this should fix most tests, thanks blink
cstyan Jul 8, 2025
e75fb3b
Merge branch 'main' into callum-cors
cstyan Jul 9, 2025
5b5e766
move cors mw after app handle subdomain
cstyan Jul 9, 2025
039240b
Merge branch 'main' into callum-cors
cstyan Jul 9, 2025
8251d8e
merge missed removing dbmem
cstyan Jul 9, 2025
22c0711
fix leftover merge conflict
cstyan Jul 9, 2025
a5ad58b
fix linting
cstyan Jul 9, 2025
e6afe73
address review comments related to valid/validate functions
cstyan Jul 29, 2025
9aa5bdb
Merge branch 'main' into callum-cors
cstyan Jul 29, 2025
bc41ed4
move cors DB migration and re-make gen
cstyan Jul 29, 2025
6a62419
fix mistaken change in dbgen
cstyan Jul 29, 2025
fa93b9b
fix lint erro
cstyan Jul 29, 2025
4d498c6
somehow make gen doesn't fix this file?
cstyan Jul 29, 2025
a41dbcc
again, make gen doesn't seem to fix the required formatting here
cstyan Jul 29, 2025
92b6e20
address more review feedback
cstyan Jul 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
fix linting 
Signed-off-by: Callum Styan <callumstyan@gmail.com>
  • Loading branch information
@cstyan
cstyan committed Jul 9, 2025
commit a5ad58b0069a07c3f69b5656b3829052c552f315
4 changes: 2 additions & 2 deletions coderd/workspaceapps/apptest/apptest.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -839,7 +839,7 @@ func Run(t *testing.T, appHostIsPrimary bool, factory DeploymentFactory) {
})

// Update the template CORS behavior.
b := codersdk.CORSBehavior(tc.behavior)
b := tc.behavior
template, err := appDetails.SDKClient.UpdateTemplateMeta(ctx, appDetails.Workspace.TemplateID, codersdk.UpdateTemplateMeta{
CORSBehavior: &b,
})
Expand Down Expand Up @@ -1856,7 +1856,7 @@ func Run(t *testing.T, appHostIsPrimary bool, factory DeploymentFactory) {
require.NoError(t, err)

// Update the template CORS behavior.
b := codersdk.CORSBehavior(tc.behavior)
b := tc.behavior
template, err := appDetails.SDKClient.UpdateTemplateMeta(ctx, appDetails.Workspace.TemplateID, codersdk.UpdateTemplateMeta{
CORSBehavior: &b,
})
Expand Down
4 changes: 0 additions & 4 deletions coderd/workspaceapps/proxy.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -344,13 +344,10 @@ func (s *Server) determineCORSBehavior(token *SignedToken, app appurl.Applicatio

switch behavior {
case codersdk.CORSBehaviorPassthru:
fmt.Println("passthru")
// Bypass the CORS middleware.
next.ServeHTTP(rw, r)
return
default:
fmt.Println("default cors")

// Apply the CORS middleware.
corsHandler.ServeHTTP(rw, r)
}
Expand Down Expand Up @@ -597,7 +594,6 @@ func (s *Server) proxyWorkspaceApp(rw http.ResponseWriter, r *http.Request, appT
proxy.ModifyResponse = func(r *http.Response) error {
// If passthru behavior is set, disable our CORS header stripping.
if cors.HasBehavior(r.Request.Context(), codersdk.CORSBehaviorPassthru) {
fmt.Println("not modifying headers!!!")
return nil
}
r.Header.Del(httpmw.AccessControlAllowOriginHeader)
Expand Down
Loading