synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-03 16:13:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Strip session_token cookie from app proxy requests (#3528)

Browse Source 
Fixes coder/security#1.
This commit is contained in:
Kyle Carberry
2022-08-17 12:09:45 -05:00
committed by GitHub
parent 000e1a5ef2
commit c3f946737c
8 changed files with 94 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
coderd/userauth_test.go
View File

@ -447,7 +447,7 @@ func oauth2Callback(t *testing.T, client *codersdk.Client) *http.Response {
req, err := http.NewRequest("GET", oauthURL.String(), nil)
require.NoError(t, err)
req.AddCookie(&http.Cookie{
Name: "oauth_state",
Name: codersdk.OAuth2StateKey,
Value: state,
})
res, err := client.HTTPClient.Do(req)
@ -469,7 +469,7 @@ func oidcCallback(t *testing.T, client *codersdk.Client) *http.Response {
req, err := http.NewRequest("GET", oauthURL.String(), nil)
require.NoError(t, err)
req.AddCookie(&http.Cookie{
Name: "oauth_state",
Name: codersdk.OAuth2StateKey,
Value: state,
})
res, err := client.HTTPClient.Do(req)