docs: add section about how to disable path based apps to security best practices #18419
+27
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @@ -60,6 +60,8 @@ If you are providing TLS certificates directly to the Coder server, either | |||
| options (these both take a comma separated list of files; list certificates | |||
| and their respective keys in the same order). | |||
|
|
|||
| After you enable a wildcard sub-domain, [disable path-based apps](../../tutorials/best-practices/security-best-practices.md#disable-path-based-apps). | |||
There was a problem hiding this comment.
"After you configure the wildcard access URL, we recommend disabling path-based apps for security."
| @@ -66,6 +66,31 @@ logs (which have `msg: audit_log`) and retain them for a minimum of two years | |||
| If a security incident with Coder does occur, audit logs are invaluable in | |||
| determining the nature and scope of the impact. | |||
|
|
|||
| ### Disable path-based apps | |||
|
|
|||
| For production deployments, disable path-based apps. | |||
There was a problem hiding this comment.
"For production deployments, we recommend disable path-based apps after you've configured a wildcard access URL.
Comment on lines
+87
to
+89
| By default, Coder mitigates the impact of having path-based apps enabled, but we still recommend disabling it to prevent malicious workspaces accessing other workspaces owned by the same user or performing requests against the Coder API. | ||
|
|
||
| If you do keep path-based apps enabled, Coder limits the risk: |
There was a problem hiding this comment.
You say both "Coder mitigates the impact" and "Coder limits the risk". You should probably just remove the "Coder limits the risk" line IMO.
Comment on lines
+73
to
+75
| Path-based apps share the same origin as the Coder API. | ||
| This setup is convenient for demos, but can expose the deployment to cross-site-scripting (XSS) attacks in production. | ||
| A malicious workspace could reuse Coder cookies to call the API or interact with other workspaces owned by the same user. |
There was a problem hiding this comment.
Path-based apps share the same origin as the Coder API, which can be convenient for trialing Coder, but can expose the deployment to cross-site-scripting (XSS) attacks in production.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
add a new section specifically about how to disable path-based apps to the security best practices doc
todo