Content-Length: 2488 | pFad | http://github.com/coder/coder/pull/17720.patch
thub.com
From b3e239792e07910597369fe5f96e9f3efce701aa Mon Sep 17 00:00:00 2001
From: BrunoQuaresma
Date: Thu, 8 May 2025 12:38:20 +0000
Subject: [PATCH 1/2] fix: do not share token with http app urls
---
site/src/modules/resources/AppLink/AppLink.tsx | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/site/src/modules/resources/AppLink/AppLink.tsx b/site/src/modules/resources/AppLink/AppLink.tsx
index 5c4209a8f72c7..3298431c7bb1f 100644
--- a/site/src/modules/resources/AppLink/AppLink.tsx
+++ b/site/src/modules/resources/AppLink/AppLink.tsx
@@ -17,6 +17,7 @@ import { generateRandomString } from "utils/random";
import { AgentButton } from "../AgentButton";
import { BaseIcon } from "./BaseIcon";
import { ShareIcon } from "./ShareIcon";
+import { url } from "node:inspector";
export const DisplayAppNameMap: Record = {
port_forwarding_helper: "Ports",
@@ -106,7 +107,11 @@ export const AppLink: FC = ({ app, workspace, agent }) => {
event.preventDefault();
- if (app.external) {
+ // HTTP links should never need the session token, since Cookies
+ // handle sharing it when you access the Coder Dashboard. We should
+ // never be forwarding the bare session token to other domains!
+ const isHttp = app.url?.startsWith("http");
+ if (app.external && !isHttp) {
// This is a magic undocumented string that is replaced
// with a brand-new session token from the backend.
// This only exists for external URLs, and should only
From 4e15cde695e3f212b64e47ffac93be1ff2d95564 Mon Sep 17 00:00:00 2001
From: BrunoQuaresma
Date: Thu, 8 May 2025 12:41:40 +0000
Subject: [PATCH 2/2] FMT
---
site/src/modules/resources/AppLink/AppLink.tsx | 1 -
1 file changed, 1 deletion(-)
diff --git a/site/src/modules/resources/AppLink/AppLink.tsx b/site/src/modules/resources/AppLink/AppLink.tsx
index 3298431c7bb1f..0e94335ba0c43 100644
--- a/site/src/modules/resources/AppLink/AppLink.tsx
+++ b/site/src/modules/resources/AppLink/AppLink.tsx
@@ -17,7 +17,6 @@ import { generateRandomString } from "utils/random";
import { AgentButton } from "../AgentButton";
import { BaseIcon } from "./BaseIcon";
import { ShareIcon } from "./ShareIcon";
-import { url } from "node:inspector";
export const DisplayAppNameMap: Record = {
port_forwarding_helper: "Ports",
--- a PPN by Garber Painting Akron. With Image Size Reduction included!Fetched URL: http://github.com/coder/coder/pull/17720.patch
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy