feat: make urls relative #7434
feat: make urls relative #7434
Conversation
|
CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅ |
|
I have read the CLA Document and I hereby sign the CLA |
There was a problem hiding this comment.
This has security implications running Coder on the same host as other applications.
Those applications could make requests inside workspaces because they'd share a cookie, which could lead to a whole set of security vulnerabilities.
What's the use-case you have in mind?
|
We have 1 domain with a cert (no wildcard) and run all our tools behind a reverse proxy using subpaths. We wanted to add coder as well but got stuck on the absolute paths |
|
Small addition: cookies should have paths defined so they are not accessible to other apps |
|
recheck |
|
This Pull Request is becoming stale. In order to minimize WIP, prevent merge conflicts and keep the tracker readable, I'm going close to this PR in 3 days if there isn't more activity. |
Right now all UI urls are based of
/, which make it impossible to run coder behind a reverse proxy under a subpath (e.g./coder/), as can be seen here:Even though it seems from the documentation this should work: https://coder.com/docs/code-server/latest/guide#expose-code-server
Instead of Caddy, I am using Traefik, but this also has a strip prefix which I have configured:
I saw coder is being built with
vite, which has an option to define a basepath: https://vitejs.dev/config/shared-options.html#baseOthers have gone before me on StackOverflow, and found out that the default is
/(as described in vite docs) causing these root paths, and in order to make it relative this needs to be./: https://stackoverflow.com/questions/69744253/vite-build-always-using-static-paths/69746868#comment133768566_69746868This PR configures the basepath so coder can run in any directory, whether it be root or subpath.