chore: add custom samesite options to auth cookies (#16885)

Allows controlling `samesite` cookie settings from the deployment config
2025-07-13 21:36:50 +00:00 · 2025-04-08 14:15:14 -05:00
parent 389e88ec82
commit 52d555880c
26 changed files with 240 additions and 67 deletions
--- a/coderd/httpmw/csrf_test.go
+++ b/coderd/httpmw/csrf_test.go
@ -53,7 +53,7 @@ func TestCSRFExemptList(t *testing.T) {
 		},
 	}

-	mw := httpmw.CSRF(false)
+	mw := httpmw.CSRF(codersdk.HTTPCookieConfig{})
 	csrfmw := mw(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})).(*nosurf.CSRFHandler)

 	for _, c := range cases {
@ -87,7 +87,7 @@ func TestCSRFError(t *testing.T) {
 	var handler http.Handler = http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
 		writer.WriteHeader(http.StatusOK)
 	})
-	handler = httpmw.CSRF(false)(handler)
+	handler = httpmw.CSRF(codersdk.HTTPCookieConfig{})(handler)

 	// Not testing the error case, just providing the example of things working
 	// to base the failure tests off of.