fix: Strip session_token cookie from app proxy requests (#3528)

Fixes coder/security#1.
Kyle Carberry
2022-08-17 12:09:45 -05:00
committed by GitHub
parent 000e1a5ef2
commit c3f946737c
8 changed files with 94 additions and 16 deletions


@ -9,6 +9,7 @@ import (
"testing"
"github.com/google/uuid"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"cdr.dev/slog/sloggers/slogtest"
@ -27,6 +28,8 @@ func TestWorkspaceAppsProxyPath(t *testing.T) {
require.NoError(t, err)
server := http.Server{
Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
_, err := r.Cookie(codersdk.SessionTokenKey)
assert.ErrorIs(t, err, http.ErrNoCookie)
w.WriteHeader(http.StatusOK)
}),
}
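Review bot: The new assertion in the backend handler (`r.Cookie(codersdk.SessionTokenKey)` must return `http.ErrNoCookie`) is a negative check with no visible positive control: it also passes if the test client never sends the session cookie to the proxy, and the request setup is outside this hunk. It would be worth confirming that the proxied request carries the session cookie, and sending a second unrelated cookie so the handler can assert that it still arrives, e.g. `_, err = r.Cookie("app-cookie"); assert.NoError(t, err)` (the cookie name is a constructed sample). The check covers only the Cookie header; if the token is accepted through any other channel, such as a query parameter or a header, that channel needs its own assertion here. A short comment such as `// The workspace app must never receive the Coder session token.` would record why the handler checks this. TestWorkspaceAppsProxyPath begins before this hunk and continues after it.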