Skip to content

chore: disable authz-header in all builds #17409

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Apr 16, 2025
Merged

chore: disable authz-header in all builds #17409

Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
55e4c2e
chore: disable authz-header in all builds
Emyrk Apr 16, 2025
bffabc5
linting
Emyrk Apr 16, 2025
1bb1c92
linting
Emyrk Apr 16, 2025
30ba8ea
more linters doing the same thing
Emyrk Apr 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
chore: disable authz-header in all builds 
Header payload being large is causing some issues in dev builds.
Another method of opting in needs to be determined
  • Loading branch information
@Emyrk
Emyrk committed Apr 16, 2025
commit 55e4c2ec61257561990bee3dda2129e6b5642f38
9 changes: 8 additions & 1 deletion coderd/coderd.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -464,8 +464,15 @@
r := chi.NewRouter()
// We add this middleware early, to make sure that authorization checks made
// by other middleware get recorded.
if buildinfo.IsDev() {

Check failure on line 467 in coderd/coderd.go

View workflow job for this annotation

GitHub Actions / lint 

empty-block: this block is empty, you can remove it (revive)
r.Use(httpmw.RecordAuthzChecks)
// TODO: Find another solution to opt into these checks.
// If the header grows too large, it breaks `fetch()` requests.
// Temporarily disabling this until we can find a better solution.
// One idea is to include checking the request for `X-Authz-Record=true`
// header. To opt in on a per-request basis.
// Some authz calls (like filtering lists) might be able to be
// summarized better to condense the header payload.
//r.Use(httpmw.RecordAuthzChecks)
}

ctx, cancel := context.WithCancel(context.Background())
Expand Down
Loading