Skip to content

chore: CORs option for yarn dev server #7630

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
May 22, 2023
Merged

chore: CORs option for yarn dev server #7630

merged 10 commits into from
May 22, 2023

Conversation

Emyrk
Copy link
Member

@Emyrk Emyrk commented May 22, 2023

Yarn dev server cannot request latency check endpoint because of CORs and CSP.
Add a flag to allow all external requests for yarn dev server to work correctly. This is a dangerous and hidden flag for dev use only.

@Emyrk Emyrk requested review from a team and Kira-Pilot and removed request for a team and Kira-Pilot May 22, 2023 17:02
kylecarbs
kylecarbs reviewed May 22, 2023
View reviewed changes
coderd/httpmw/cors.go Outdated
"net/http"
)

func CorsMW(allowAll bool, origins ...string) func(next http.Handler) http.Handler {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did we not have a CORS MW before?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nope. We don't need CORs for the primary coderd, since all web requests are on the same domain.

The issue is the latency request checks for external proxies uses absolute urls. The local yarn dev server runs on a different port. So for the yarn dev server to hit the /latency endpoint, I need to turn on CORs.

This PR blocks all CORs requests to coderd by default if the flag is not true

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was requested by @BrunoQuaresma. Without it, it was difficult for him to work on the workspace proxy UI.

@Emyrk Emyrk requested a review from kylecarbs May 22, 2023 17:30
kylecarbs
kylecarbs approved these changes May 22, 2023
View reviewed changes
@Emyrk Emyrk merged commit 5d711fc into main May 22, 2023
@Emyrk Emyrk deleted the stevenmasley/dev_cors branch May 22, 2023 18:02
@github-actions github-actions bot locked and limited conversation to collaborators May 22, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@kylecarbs kylecarbs kylecarbs approved these changes

Assignees

@Emyrk Emyrk

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Emyrk @kylecarbs