Skip to content

feat: bypass built-in CORS handling for workspace apps #17596

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Emyrk wants to merge 19 commits into from
Closed

feat: bypass built-in CORS handling for workspace apps #17596

Emyrk wants to merge 19 commits into from

Conversation

@Emyrk
Copy link
Member

@Emyrk Emyrk commented Apr 28, 2025
edited
Loading

Continues #15669

This PR introduces a partial fix for #15096; it allows operators to specify the CORS behavior on a per-coder_app level.

This change requires cors_behavior to be set on a given coder_app; coder/terraform-provider-coder#309 introduces that new attribute.

coderd currently handles CORS automatically by handling preflight requests and stripping CORS headers from upstream coder_app responses.

Two CORS behaviors are defined in this PR:

  • simple: the current behavior of handling CORS within coderd
  • passthru: new behavior which transparently bypasses our CORS handling in coderd so the coder_app service is then fully responsible for handling CORS

We plan to further add this behavior to port shares.

The sharing level (owner, authenticated, public) is still respected, regardless of CORS behavior.

dannykopping and others added 14 commits November 28, 2024 12:04
@dannykopping
Working implementation
0dc7ca3 
Signed-off-by: Danny Kopping <danny@coder.com>
@dannykopping
Rename CorsBehavior to CORSBehavior
3c0e33a 
Signed-off-by: Danny Kopping <danny@coder.com>
@dannykopping
Hard & simplify CORORS handling logic
a4d3c8d 
Signed-off-by: Danny Kopping <danny@coder.com>
@dannykopping
Minor fixes
873c3e4 
Signed-off-by: Danny Kopping <danny@coder.com>
@dannykopping
Appeasing the linter
65f984f 
Signed-off-by: Danny Kopping <danny@coder.com>
@dannykopping
Move type def to codersdk
1f0b34c 
Signed-off-by: Danny Kopping <danny@coder.com>
@dannykopping
Appease the linter, again
5be5477 
Signed-off-by: Danny Kopping <danny@coder.com>
@dannykopping
Fix migration num
ddbbaa9 
Signed-off-by: Danny Kopping <danny@coder.com>
@dannykopping
Removing unnecessary header check
63c1852 
Signed-off-by: Danny Kopping <danny@coder.com>
@dannykopping
Improve tests
976cd78 
Signed-off-by: Danny Kopping <danny@coder.com>
@dannykopping
Merge branch 'main' of https://github.com/coder/coder into dk/cors
9f9068f
@dannykopping
Comprehensive CORS test suite for both request & response
3dc00e1 
Signed-off-by: Danny Kopping <danny@coder.com>
@Emyrk
Merge remote-tracking branch 'origin/main' into stevenmasley/cors
5e1c6eb
@Emyrk
make gen
3266967
@Emyrk Emyrk changed the title Stevenmasley/cors feat: bypass built-in CORS handling for workspace apps Apr 28, 2025
@github-actions
Copy link

github-actions bot commented Apr 29, 2025

🚀 Deploying PR 17596 ...

@github-actions github-actions bot added the stale This issue is like stale bread. label May 7, 2025
@f0ssel f0ssel requested review from cstyan and removed request for cstyan May 8, 2025 14:38
@github-actions github-actions bot removed the stale This issue is like stale bread. label May 9, 2025
@github-actions github-actions bot added the stale This issue is like stale bread. label May 16, 2025
@github-actions github-actions bot closed this May 19, 2025
@Emyrk Emyrk reopened this May 19, 2025
@Emyrk Emyrk requested a review from spikecurtis as a code owner May 19, 2025 13:48
@Emyrk Emyrk requested a review from johnstcn as a code owner May 19, 2025 13:48
@Emyrk Emyrk closed this May 19, 2025
@github-actions github-actions bot locked and limited conversation to collaborators May 19, 2025
@Emyrk
Copy link
Member Author

Emyrk commented May 19, 2025

Sorry for the github noise. This is not done, it is still relevant, I just don't have the time to take this over the line.

@Emyrk Emyrk removed request for johnstcn and spikecurtis May 19, 2025 13:48
@Emyrk Emyrk deleted the stevenmasley/cors branch July 22, 2025 13:12
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

@Emyrk Emyrk

Labels

stale This issue is like stale bread.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Emyrk @dannykopping