Skip to content

feat: allow bypassing current CORS magic based on template config #18706

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 23 commits into from
Jul 30, 2025
Merged

feat: allow bypassing current CORS magic based on template config #18706

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
94e423b
wip
cstyan Jul 3, 2025
b2e9c6d
wip 2
cstyan Jul 3, 2025
5b2b80e
fix broken build and tests
cstyan Jul 7, 2025
1af9d2f
rename sql files
cstyan Jul 7, 2025
6c136cf
fix TS files for tests/linting
cstyan Jul 7, 2025
8b21d0c
wip proxy changes, still broken
cstyan Jul 8, 2025
20c3ffd
commit cors package
cstyan Jul 8, 2025
20dbf97
port test
cstyan Jul 8, 2025
432aff6
this should fix most tests, thanks blink
cstyan Jul 8, 2025
e75fb3b
Merge branch 'main' into callum-cors
cstyan Jul 9, 2025
5b5e766
move cors mw after app handle subdomain
cstyan Jul 9, 2025
039240b
Merge branch 'main' into callum-cors
cstyan Jul 9, 2025
8251d8e
merge missed removing dbmem
cstyan Jul 9, 2025
22c0711
fix leftover merge conflict
cstyan Jul 9, 2025
a5ad58b
fix linting
cstyan Jul 9, 2025
e6afe73
address review comments related to valid/validate functions
cstyan Jul 29, 2025
9aa5bdb
Merge branch 'main' into callum-cors
cstyan Jul 29, 2025
bc41ed4
move cors DB migration and re-make gen
cstyan Jul 29, 2025
6a62419
fix mistaken change in dbgen
cstyan Jul 29, 2025
fa93b9b
fix lint erro
cstyan Jul 29, 2025
4d498c6
somehow make gen doesn't fix this file?
cstyan Jul 29, 2025
a41dbcc
again, make gen doesn't seem to fix the required formatting here
cstyan Jul 29, 2025
92b6e20
address more review feedback
cstyan Jul 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
address review comments related to valid/validate functions 
Signed-off-by: Callum Styan <callumstyan@gmail.com>
  • Loading branch information
@cstyan
cstyan committed Jul 29, 2025
commit e6afe73e549dac9d71fbf10f8bc751d7266c10a2
30 changes: 19 additions & 11 deletions coderd/templates.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"fmt"
"net/http"
"sort"
"strings"
"time"

"github.com/go-chi/chi/v5"
Expand All @@ -29,6 +30,7 @@ import (
"github.com/coder/coder/v2/coderd/searchquery"
"github.com/coder/coder/v2/coderd/telemetry"
"github.com/coder/coder/v2/coderd/util/ptr"
"github.com/coder/coder/v2/coderd/util/slice"
"github.com/coder/coder/v2/coderd/workspacestats"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/examples"
Expand Down Expand Up @@ -352,13 +354,17 @@ func (api *API) postTemplateByOrganization(rw http.ResponseWriter, r *http.Reque
}
}

if createTemplate.CORSBehavior != nil && *createTemplate.CORSBehavior != "" {
val := createTemplate.CORSBehavior
if err := val.Validate(); err != nil {
validErrs = append(validErrs, codersdk.ValidationError{Field: "cors_behavior", Detail: err.Error()})
} else {
corsBehavior = database.CorsBehavior(*val)
}
// Default the CORS behavior here to Simple so we don't break all existing templates.
val := database.CorsBehaviorSimple
if createTemplate.CORSBehavior != nil {
val = database.CorsBehavior(*createTemplate.CORSBehavior)
}
if !val.Valid() {
validErrs = append(validErrs, codersdk.ValidationError{Field: "cors_behavior",
Detail: fmt.Sprintf("Invalid CORS behavior %q. Must be one of [%s]", *createTemplate.CORSBehavior, strings.Join(slice.ToStrings(database.AllCorsBehaviorValues()), ", ")),
})
} else {
corsBehavior = val
}

if autostopRequirementWeeks < 0 {
Expand Down Expand Up @@ -738,11 +744,13 @@ func (api *API) patchTemplateMeta(rw http.ResponseWriter, r *http.Request) {

corsBehavior := template.CorsBehavior
if req.CORSBehavior != nil && *req.CORSBehavior != "" {
val := req.CORSBehavior
if err := val.Validate(); err != nil {
validErrs = append(validErrs, codersdk.ValidationError{Field: "cors_behavior", Detail: err.Error()})
val := database.CorsBehavior(*req.CORSBehavior)
if !val.Valid() {
validErrs = append(validErrs, codersdk.ValidationError{Field: "cors_behavior",
Detail: fmt.Sprintf("Invalid CORS behavior %q. Must be one of [%s]", *req.CORSBehavior, strings.Join(slice.ToStrings(database.AllCorsBehaviorValues()), ", ")),
})
} else {
corsBehavior = database.CorsBehavior(*val)
corsBehavior = val
}
}

Expand Down
11 changes: 0 additions & 11 deletions codersdk/cors_behavior.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,19 +1,8 @@
package codersdk

import (
"golang.org/x/xerrors"
)

type CORSBehavior string

const (
CORSBehaviorSimple CORSBehavior = "simple"
CORSBehaviorPassthru CORSBehavior = "passthru"
)

func (c CORSBehavior) Validate() error {
if c != CORSBehaviorSimple && c != CORSBehaviorPassthru {
return xerrors.New("Invalid CORS behavior.")
}
return nil
}