From 8b594a526ad1a369bd9c6f42cc1095688217bd5a Mon Sep 17 00:00:00 2001
From: Dean Sheather
Date: Tue, 22 Jul 2025 12:14:33 +0000
Subject: [PATCH] fix: use httponly flag on coder_signed_app_token cookie
---
coderd/workspaceapps/provider.go | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/coderd/workspaceapps/provider.go b/coderd/workspaceapps/provider.go
index 1cd652976f6f4..227ced556365a 100644
--- a/coderd/workspaceapps/provider.go
+++ b/coderd/workspaceapps/provider.go
@@ -77,10 +77,11 @@ func ResolveRequest(rw http.ResponseWriter, r *http.Request, opts ResolveRequest
// For subdomain apps, this applies to the entire subdomain, e.g.
// app--agent--workspace--user.apps.example.com
http.SetCookie(rw, opts.CookieCfg.Apply(&http.Cookie{
- Name: codersdk.SignedAppTokenCookie,
- Value: tokenStr,
- Path: appReq.BasePath,
- Expires: token.Expiry.Time(),
+ Name: codersdk.SignedAppTokenCookie,
+ Value: tokenStr,
+ Path: appReq.BasePath,
+ HttpOnly: true,
+ Expires: token.Expiry.Time(),
}))
return token, true
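Review bot: Nothing in this patch pins the new `HttpOnly: true` on the `codersdk.SignedAppTokenCookie` cookie (the diffstat lists only provider.go), so a later edit to this literal or to `opts.CookieCfg.Apply` could drop the flag unnoticed. A test that drives ResolveRequest and asserts the matching `Set-Cookie` entry has `HttpOnly` set would guard against that. A short why-comment beside the field would also help, e.g. `// HttpOnly: keep the signed app token unreadable from scripts served by the app.`; that rationale is inferred from the surrounding comment about app subdomains, so confirm that nothing client-side reads this cookie. `Secure` and `SameSite` are presumably applied by `CookieCfg.Apply`, which is not visible here, and the rest of ResolveRequest lies outside the hunk.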