Skip to content

Commit 80501f5

Browse files
code-ashercode-asher
committed
Comment on blank origin
1 parent 7ca898d commit 80501f5

File tree

1 file changed

+4
-3
lines changed

1 file changed

+4
-3
lines changed

enterprise/coderd/identityprovider/middleware.go

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,10 +16,11 @@ func authorizeMW(accessURL *url.URL) func(next http.Handler) http.Handler {
1616
return func(next http.Handler) http.Handler {
1717
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
1818
origin := r.Header.Get(httpmw.OriginHeader)
19+
// TODO: The origin can be blank from some clients, like cURL. For now
20+
// only browser-based auth flow is officially supported but in a future PR
21+
// we should support a cURL-based and blank origin flows.
1922
originU, err := url.Parse(origin)
20-
if err != nil {
21-
// TODO: Curl requests will not have this. One idea is to always show
22-
// html here??
23+
if err != nil || origin == "" {
2324
httpapi.Write(r.Context(), rw, http.StatusBadRequest, codersdk.Response{
2425
Message: "Invalid or missing origin header.",
2526
Detail: err.Error(),

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy