Skip to content

Commit ffbfaf2

Browse files
cstyancstyan
authored
feat: allow bypassing current CORS magic based on template config (#18706)
Solves #15096 This is a slight rework/refactor of the earlier PRs from @dannykopping and @Emyrk: - #15669 - #15684 - #17596 Rather than having a per-app CORS behaviour setting and additionally a template level setting for ports, this PR adds a single template level CORS behaviour setting that is then used by all apps/ports for workspaces created from that template. The main changes are in `proxy.go` and `request.go` to: a) get the CORS behaviour setting from the template b) have `HandleSubdomain` bypass the CORS middleware handler if the selected behaviour is `passthru` c) in `proxyWorkspaceApp`, do not modify the response if the selected behaviour is `passthru` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added support for configuring CORS behavior ("simple" or "passthru") at the template level for all shared ports. * Introduced a new "CORS Behavior" setting in the template creation and settings forms. * API endpoints and responses now include the optional `cors_behavior` property for templates. * Workspace apps and proxy now honor the specified CORS behavior, enabling conditional CORS middleware application. * Enhanced workspace app tests with comprehensive scenarios covering CORS behaviors and authentication states. * **Bug Fixes** * None. * **Documentation** * Updated API and admin documentation to describe the new `cors_behavior` property and its usage. * Added examples and schema references for CORS behavior in relevant API docs. * **Tests** * Extended automated tests to cover different CORS behavior scenarios for templates and workspace apps. * **Chores** * Updated audit logging to track changes to the `cors_behavior` field on templates. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Callum Styan <callumstyan@gmail.com>
1 parent 96e32d6 commit ffbfaf2

File tree

36 files changed

+1149
-108
lines changed

36 files changed

+1149
-108
lines changed

coderd/apidoc/docs.go

Lines changed: 22 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/apidoc/swagger.json

Lines changed: 16 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/dbauthz/dbauthz_test.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1462,6 +1462,7 @@ func (s *MethodTestSuite) TestTemplate() {
14621462
Provisioner: "echo",
14631463
OrganizationID: orgID,
14641464
MaxPortSharingLevel: database.AppSharingLevelOwner,
1465+
CorsBehavior: database.CorsBehaviorSimple,
14651466
}).Asserts(rbac.ResourceTemplate.InOrg(orgID), policy.ActionCreate)
14661467
}))
14671468
s.Run("InsertTemplateVersion", s.Subtest(func(db database.Store, check *expects) {
@@ -1582,6 +1583,7 @@ func (s *MethodTestSuite) TestTemplate() {
15821583
check.Args(database.UpdateTemplateMetaByIDParams{
15831584
ID: t1.ID,
15841585
MaxPortSharingLevel: "owner",
1586+
CorsBehavior: database.CorsBehaviorSimple,
15851587
}).Asserts(t1, policy.ActionUpdate)
15861588
}))
15871589
s.Run("UpdateTemplateVersionByID", s.Subtest(func(db database.Store, check *expects) {

coderd/database/dbgen/dbgen.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -148,6 +148,7 @@ func Template(t testing.TB, db database.Store, seed database.Template) database.
148148
AllowUserCancelWorkspaceJobs: seed.AllowUserCancelWorkspaceJobs,
149149
MaxPortSharingLevel: takeFirst(seed.MaxPortSharingLevel, database.AppSharingLevelOwner),
150150
UseClassicParameterFlow: takeFirst(seed.UseClassicParameterFlow, false),
151+
CorsBehavior: takeFirst(seed.CorsBehavior, database.CorsBehaviorSimple),
151152
})
152153
require.NoError(t, err, "insert template")
153154

coderd/database/dump.sql

Lines changed: 8 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/migrations/000353_template_level_cors.down.sql

Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,46 @@
1+
DROP VIEW IF EXISTS template_with_names;
2+
CREATE VIEW template_with_names AS
3+
SELECT templates.id,
4+
templates.created_at,
5+
templates.updated_at,
6+
templates.organization_id,
7+
templates.deleted,
8+
templates.name,
9+
templates.provisioner,
10+
templates.active_version_id,
11+
templates.description,
12+
templates.default_ttl,
13+
templates.created_by,
14+
templates.icon,
15+
templates.user_acl,
16+
templates.group_acl,
17+
templates.display_name,
18+
templates.allow_user_cancel_workspace_jobs,
19+
templates.allow_user_autostart,
20+
templates.allow_user_autostop,
21+
templates.failure_ttl,
22+
templates.time_til_dormant,
23+
templates.time_til_dormant_autodelete,
24+
templates.autostop_requirement_days_of_week,
25+
templates.autostop_requirement_weeks,
26+
templates.autostart_block_days_of_week,
27+
templates.require_active_version,
28+
templates.deprecated,
29+
templates.activity_bump,
30+
templates.max_port_sharing_level,
31+
templates.use_classic_parameter_flow,
32+
COALESCE(visible_users.avatar_url, ''::text) AS created_by_avatar_url,
33+
COALESCE(visible_users.username, ''::text) AS created_by_username,
34+
COALESCE(visible_users.name, ''::text) AS created_by_name,
35+
COALESCE(organizations.name, ''::text) AS organization_name,
36+
COALESCE(organizations.display_name, ''::text) AS organization_display_name,
37+
COALESCE(organizations.icon, ''::text) AS organization_icon
38+
FROM ((templates
39+
LEFT JOIN visible_users ON ((templates.created_by = visible_users.id)))
40+
LEFT JOIN organizations ON ((templates.organization_id = organizations.id)));
41+
42+
COMMENT ON VIEW template_with_names IS 'Joins in the display name information such as username, avatar, and organization name.';
43+
44+
ALTER TABLE templates DROP COLUMN cors_behavior;
45+
46+
DROP TYPE IF EXISTS cors_behavior;

coderd/database/migrations/000353_template_level_cors.up.sql

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
CREATE TYPE cors_behavior AS ENUM (
2+
'simple',
3+
'passthru'
4+
);
5+
6+
ALTER TABLE templates
7+
ADD COLUMN cors_behavior cors_behavior NOT NULL DEFAULT 'simple'::cors_behavior;
8+
9+
-- Update the template_with_users view by recreating it.
10+
DROP VIEW IF EXISTS template_with_names;
11+
CREATE VIEW template_with_names AS
12+
SELECT templates.id,
13+
templates.created_at,
14+
templates.updated_at,
15+
templates.organization_id,
16+
templates.deleted,
17+
templates.name,
18+
templates.provisioner,
19+
templates.active_version_id,
20+
templates.description,
21+
templates.default_ttl,
22+
templates.created_by,
23+
templates.icon,
24+
templates.user_acl,
25+
templates.group_acl,
26+
templates.display_name,
27+
templates.allow_user_cancel_workspace_jobs,
28+
templates.allow_user_autostart,
29+
templates.allow_user_autostop,
30+
templates.failure_ttl,
31+
templates.time_til_dormant,
32+
templates.time_til_dormant_autodelete,
33+
templates.autostop_requirement_days_of_week,
34+
templates.autostop_requirement_weeks,
35+
templates.autostart_block_days_of_week,
36+
templates.require_active_version,
37+
templates.deprecated,
38+
templates.activity_bump,
39+
templates.max_port_sharing_level,
40+
templates.use_classic_parameter_flow,
41+
templates.cors_behavior, -- <--- adding this column
42+
COALESCE(visible_users.avatar_url, ''::text) AS created_by_avatar_url,
43+
COALESCE(visible_users.username, ''::text) AS created_by_username,
44+
COALESCE(visible_users.name, ''::text) AS created_by_name,
45+
COALESCE(organizations.name, ''::text) AS organization_name,
46+
COALESCE(organizations.display_name, ''::text) AS organization_display_name,
47+
COALESCE(organizations.icon, ''::text) AS organization_icon
48+
FROM ((templates
49+
LEFT JOIN visible_users ON ((templates.created_by = visible_users.id)))
50+
LEFT JOIN organizations ON ((templates.organization_id = organizations.id)));
51+
52+
COMMENT ON VIEW template_with_names IS 'Joins in the display name information such as username, avatar, and organization name.';

coderd/database/modelqueries.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -120,6 +120,7 @@ func (q *sqlQuerier) GetAuthorizedTemplates(ctx context.Context, arg GetTemplate
120120
&i.ActivityBump,
121121
&i.MaxPortSharingLevel,
122122
&i.UseClassicParameterFlow,
123+
&i.CorsBehavior,
123124
&i.CreatedByAvatarURL,
124125
&i.CreatedByUsername,
125126
&i.CreatedByName,

coderd/database/models.go

Lines changed: 61 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy